Sluggish, can't find malware, Vista OS, OTL log include


BeckyH

I am running Vista on an HP laptop. Over the weekend it became VERY slow, much like it was infected. I have done the following and been unsuccessful in getting it back up to speed.

Updated Malwarebytes and ran it every day since this started - nothing has been found
Updated and ran McAfee virus - nothing found
Ran two different defragmenters - two days after defragging it was back over 2 hours to defrag again
Used Disk Cleanup - no improvement
Installed and ran Auslogics BoostSpeed - supposedly fixed registry errors etc. but can't see any difference in speed

Below is the OTL log:

OTL logfile created on: 6/15/2011 10:32:29 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Owner\Documents
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 27.91% Memory free
8.02 Gb Paging File | 5.08 Gb Available in Paging File | 63.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 77.38 Gb Free Space | 34.91% Space Free | Partition Type: NTFS
Drive D: | 11.24 Gb Total Space | 1.66 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive E: | 1.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BECKY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 10:25:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\OTL.exe
PRC - [2011/06/15 00:31:22 | 000,941,936 | ---- | M] (Opera Software) -- C:\Users\Owner\AppData\Local\Temp\CProgram Files (x86)Opera\OperaUpgrader.exe
PRC - [2011/05/06 10:07:18 | 000,477,912 | ---- | M] (Auslogics) -- C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/29 16:12:22 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/15 13:54:02 | 000,031,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Knowledge Networks\PanelApp\PanelApp.exe
PRC - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 10:25:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/03/13 11:37:22 | 000,208,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/03/13 11:37:06 | 000,197,960 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 20:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 22:51:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/15 14:02:50 | 000,091,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Knowledge Networks\PanelApp\PanelSvc.exe -- (PanelSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/03/13 11:20:10 | 000,281,928 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/03/13 11:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/06 00:23:48 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2010/07/06 00:23:48 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2010/02/25 15:19:02 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/25 06:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/30 12:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/10/28 09:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/04/11 13:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/27 16:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 16:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 22:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 22:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/09 22:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://aol.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..keyword.URL: "http://www.fastbrows...2B459D8752}&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/01 10:07:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/24 20:22:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/14 00:51:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/09 09:41:19 | 000,000,000 | ---D | M]

[2009/03/20 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/06/02 10:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2av9j7tm.Charlie\extensions
[2011/05/06 15:58:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2av9j7tm.Charlie\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/03 22:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4czq74lk.Candy\extensions
[2011/05/06 11:26:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4czq74lk.Candy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/14 10:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions
[2010/10/03 23:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/23 20:01:25 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/02/10 21:12:23 | 000,000,000 | ---D | M] (Castle Age Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}(64)
[2011/05/09 09:42:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\[email protected]
[2009/11/10 13:07:13 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\[email protected]
[2010/02/19 06:39:42 | 000,000,923 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\searchplugins\conduit.xml
[2009/11/17 14:14:50 | 000,005,413 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\searchplugins\fast-browser-search.xml
[2011/05/09 09:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/22 21:33:40 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{23975c36-bc72-b8ae-b22a-c7f9768a02be}
[2010/06/11 09:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 12:38:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 17:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/17 10:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/25 22:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/24 20:22:48 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/06/04 21:36:38 | 000,000,000 | ---D | M] (Panel Application Bho) -- C:\USERS\OWNER\APPDATA\LOCAL\KNOWLEDGE NETWORKS\PANELAPP\FF
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\64TMWV5X.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/04/05 13:51:03 | 000,000,781 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost clothescloset.local
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110605025904.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110605025937.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [PanelApp] C:\Users\Owner\AppData\Local\Knowledge Networks\PanelApp\PanelApp.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.184.64.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\zilla yawning.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\zilla yawning.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f236e2ab-2788-11de-b7b8-001eecb7b5cc}\Shell - "" = AutoRun
O33 - MountPoints2\{f236e2ab-2788-11de-b7b8-001eecb7b5cc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f958bbd1-2e4d-11e0-bbaa-001eecb7b5cc}\Shell\AutoRun\command - "" = F:\PortableVault.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 10:25:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Documents\OTL.exe
[2011/06/15 09:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/13 17:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/13 17:54:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/13 17:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/12 16:33:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2011/06/12 16:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/06/12 16:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/06/04 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knowledge Networks
[2011/06/04 18:42:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Knowledge Networks
[2011/06/04 18:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Knowledge Networks
[2011/05/26 18:34:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\WeatherBug
[2011/05/26 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WeatherBug
[2011/05/26 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
[2011/05/26 18:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2011/05/25 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Recorded Scripts
[2011/05/25 17:01:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nemex
[2011/05/25 16:59:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mouse Recorder Pro
[2011/05/25 16:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Recorder Pro 2
[2011/05/25 16:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nemex
[2009/08/17 13:31:14 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/08/17 13:31:13 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009/08/17 13:31:12 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/08/17 13:31:11 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/08/17 13:31:10 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[9 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 10:50:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 10:29:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000UA.job
[2011/06/15 10:25:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\OTL.exe
[2011/06/15 09:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 09:19:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/15 09:18:27 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/06/15 09:15:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 09:15:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 09:15:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 09:13:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/14 20:32:23 | 000,002,039 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/14 20:32:22 | 000,002,077 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/06/14 19:29:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000Core.job
[2011/06/14 16:01:11 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2011/06/14 10:00:23 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/06/13 17:54:10 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/13 17:40:27 | 000,403,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/13 09:16:44 | 000,001,034 | ---- | M] () -- C:\Users\Owner\Desktop\Auslogics BoostSpeed.lnk
[2011/06/12 16:33:14 | 000,001,041 | ---- | M] () -- C:\Users\Owner\Desktop\Auslogics Disk Defrag.lnk
[2011/06/08 19:36:09 | 000,000,842 | ---- | M] () -- C:\Users\Owner\Desktop\GiftBox+.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/25 16:59:20 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk
[2011/05/25 16:59:20 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Recorder Play.lnk
[2011/05/23 10:05:14 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[9 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 17:54:10 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/13 09:16:44 | 000,001,034 | ---- | C] () -- C:\Users\Owner\Desktop\Auslogics BoostSpeed.lnk
[2011/06/12 16:33:14 | 000,001,041 | ---- | C] () -- C:\Users\Owner\Desktop\Auslogics Disk Defrag.lnk
[2011/06/04 21:34:50 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/05/25 16:59:20 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk
[2011/05/25 16:59:20 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Recorder Play.lnk
[2011/02/14 12:48:46 | 000,208,138 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/04/05 13:29:33 | 000,771,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/01 10:04:26 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/29 17:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/09/15 21:00:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/15 20:59:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/15 20:58:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:55:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/04 19:52:40 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/03/08 21:09:18 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2009/01/18 19:05:45 | 000,024,576 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 15:17:47 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/01/09 12:59:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/01/02 17:31:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/02 12:19:34 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/09/02 12:19:34 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/08/04 05:57:37 | 000,101,632 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/04 04:29:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/06/12 14:49:22 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/09/05 07:07:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\aHisoft
[2011/06/13 07:29:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2009/10/26 17:32:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2009/10/31 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/05/04 19:22:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hewlett Packard
[2009/05/02 11:39:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/05/25 16:59:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mouse Recorder Pro
[2011/06/15 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2009/05/04 21:31:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/05/26 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug
[2011/06/15 09:13:43 | 000,032,546 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011/06/14 16:01:11 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\vtscheduletask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:EA031481

< End of report >

OTL Extras logfile created on: 6/15/2011 10:32:29 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Owner\Documents
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 27.91% Memory free
8.02 Gb Paging File | 5.08 Gb Available in Paging File | 63.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 77.38 Gb Free Space | 34.91% Space Free | Partition Type: NTFS
Drive D: | 11.24 Gb Total Space | 1.66 Gb Free Space | 14.80% Space Free | Partition Type: NTFS
Drive E: | 1.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BECKY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BF B3 AF 62 9E 36 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B1B0F34-6282-465C-87D0-95987C245149}" = rport=139 | protocol=6 | dir=out | app=system |
"{201C9A69-5014-4B1E-B0EC-D1037C5FB6BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3C680632-F1B6-4C3B-9EAA-31F6A37FE869}" = lport=137 | protocol=17 | dir=in | app=system |
"{3CC6BC7B-66B6-477F-B0CE-AE3A260998E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4754496C-55AC-440F-8833-140EFDD53D85}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{527AC9D5-7AD8-47AB-9729-0D7F5C488566}" = rport=138 | protocol=17 | dir=out | app=system |
"{542901C3-0B39-4E3D-BAC0-97B1F27EE6FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D75CCCF-BBC3-410F-90DE-6C656FB316CB}" = lport=138 | protocol=17 | dir=in | app=system |
"{6066AAF0-3BBA-48D3-B032-DC7CBDBB8B4A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{643FC2C2-9879-44A4-9592-4B91F5DB0FE6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{737DC828-C1D3-4F8D-BCB4-823026E4FA9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{827497DE-91F1-4599-8913-F379E064B002}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A8AC9E0-17DF-41F0-A343-44CD4838B9FA}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C3C1C84-15D8-422A-9B5E-CA749140C45A}" = rport=445 | protocol=6 | dir=out | app=system |
"{93E59D57-74D1-4142-AB21-42BEDB0DD6A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9DBFE548-9FF7-4D0D-8BA9-B6BBA86427BA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A0484E3C-C1F8-4DF8-8990-676AD94320BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4B1DBC4-BF9B-4E78-8E0C-4F30E14870F2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A713D7DE-855F-43D0-A618-A8816ED12252}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{AC21E353-807A-403A-9DD4-9B816D553CE5}" = lport=139 | protocol=6 | dir=in | app=system |
"{B682EF9F-835E-48D6-BB61-03442016C07C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B6E177BC-B5C3-4DA4-A7E6-283EAFD04603}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B929EF2E-25AD-4C0C-AFEC-3C553136B978}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE3E1FD8-EA53-4E8E-B27A-F14A54F8278A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0976938D-93FF-49D8-A489-17B72E22C2C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A9FFD5F-D914-4FC2-AD20-F58D5409265A}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{0CC78ED4-0BD8-48E1-9B89-EDCFFBFF0EBF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{11524521-35CD-4B25-A002-71D9FBCD8524}" = protocol=58 | dir=out | [email protected],-28546 |
"{1CAA1854-A438-466D-8DEE-DD198E2E3756}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1F97B974-991B-46F2-BB49-7EB6D7F32EC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{22B1D408-C756-4206-9233-8C06A60587E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{254CCD50-437C-4056-B272-2A4E471B99DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31C4E01B-1DE0-42C1-BF45-CF05DC667C71}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{369348EB-5223-42A0-988A-28B3C86DE438}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{37CA2BDC-4E09-4BC0-891F-82722966C9C8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39BA0A3F-163F-466B-A58D-672C89FAC0FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A4BBDCE-F875-40D1-BC98-499350C5EA3A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3DE40DC2-1C95-464A-A35B-844AA1B52A53}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{419B0A28-B346-4C5A-883E-379BA862DBE9}" = protocol=58 | dir=in | [email protected],-28545 |
"{4496C169-B1E1-4339-8DD5-D50969A01BAE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{46A5E366-6076-434C-8A4C-565718FEBE2A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{472FBE29-6C19-41A3-970D-42993CF676E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{50180480-8C52-48A5-A15D-620DEBB325CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51F464F6-EFAA-406C-A195-A70DDB7D793A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67460181-E6E5-4F2B-97ED-1B1377D8A62C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6837793C-41FC-4ECC-B43B-E2988E8B8EAD}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{6FE8485D-A994-451A-AF6F-0AD7BBD7A008}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{76546DCA-7AE4-4F51-A229-B7DA9A7E5189}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DF4852D-550E-4B36-84F4-9DC6A5BAB922}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8723ED64-9673-48AD-AB9D-E8D3FC242497}" = protocol=1 | dir=in | [email protected],-28543 |
"{8AE6A89C-55AE-4CC9-A77D-C58F80B27F68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B932AB5-6C7D-48BB-9003-0147CED749D4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{93A736FF-DFEC-4335-8D48-C82CA9C16FD8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9791F2A0-A79A-43C1-B95B-3478CF818FE0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{983329D2-9EC9-4A1E-A8B1-D74A53D7BC2B}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{A1BF1083-7D0E-4F2E-8C8D-4D715E045A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4AC253B-DEC4-4305-8C97-B7D00EAAEBEC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B5928F63-E6E9-4973-839B-F6DA579CC190}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2A9CEA2-5209-4607-A520-383DC916976D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CE0586B8-4996-4BC5-85B7-50614C58F0D3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{CEB0653A-4A20-4EF7-98FE-E47A19C1819B}" = protocol=1 | dir=out | [email protected],-28544 |
"{D1639B60-D38F-473B-8FDD-347F3AD5BA13}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E2A5E980-EC9E-4BA3-B391-C6E3DB740FA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2F7C29D-849A-4705-BD8B-C141C9C851A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBA090FA-CAED-4E65-BFA9-B9FD30F6D16A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED25AF74-F620-40EF-A4D2-44E11BEF6C0B}" = protocol=6 | dir=out | app=system |
"{EF5E09A7-AE26-4F8E-B886-1179E3C4BB23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{60502208-35B4-4759-A379-056F19FD25B4}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{B0377852-E99F-4D90-A57D-206CD14ED846}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}" = Microsoft SQL Server Management Studio Express
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91" = ENE CIR Receiver Driver (12/30/2008 2.7.2.0)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.7.0
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5EA1755-1899-4380-A4BA-83840648CBDA}" = Knowledge Networks Technology Tracking Application
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Cool VOB To MPEG Converter_is1" = Cool VOB To MPEG Converter 1.0
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Family Tree Maker 2010" = Family Tree Maker 2010
"FileZilla Client" = FileZilla Client 3.2.8.1
"GiftBox+" = GiftBox+
"Google Updater" = Google Updater
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSC" = McAfee Total Protection
"Opera 11.11.2109" = Opera 11.11
"PROR" = Microsoft Office Professional 2007
"Trailer Park Tycoon" = Trailer Park Tycoon
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2011 12:54:47 AM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/14/2011 12:54:47 AM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/14/2011 12:54:48 AM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/14/2011 12:54:48 AM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/14/2011 12:54:48 AM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/14/2011 9:13:33 PM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/14/2011 11:34:51 PM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/14/2011 11:35:16 PM | Computer Name = Becky | Source = WinMgmt | ID = 10
Description =

Error - 5/15/2011 4:01:06 PM | Computer Name = Becky | Source = Application Error | ID = 1000
Description = Faulting application MvtApp.exe, version 6.0.0.0, time stamp 0x4cc93968,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c, exception
code 0xc0000374, fault offset 0x000abdcb, process id 0x12b8, application start time
0x01cc133aac4528b5.

Error - 5/15/2011 11:35:32 PM | Computer Name = Becky | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Hewlett-Packard Events ]
Error - 5/9/2011 9:00:40 PM | Computer Name = Becky | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051109085957.xml
File not created by asset agent

Error - 5/23/2011 8:38:37 PM | Computer Name = Becky | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051123083803.xml
File not created by asset agent

Error - 5/23/2011 8:39:10 PM | Computer Name = Becky | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051123083837.xml
File not created by asset agent

Error - 5/31/2011 2:24:31 PM | Computer Name = Becky | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051131022358.xml
File not created by asset agent

Error - 6/13/2011 8:55:43 PM | Computer Name = Becky | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061113085510.xml
File not created by asset agent

[ Media Center Events ]
Error - 10/11/2009 11:32:00 PM | Computer Name = Becky | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 2/2/2010 5:23:57 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 76974
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 2/16/2010 6:22:29 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 76659
seconds with 5400 seconds of active time. This session ended with a crash.

Error - 3/2/2010 5:47:01 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 68
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/2/2010 8:37:52 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/2/2010 8:38:56 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/16/2010 4:52:11 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 183
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/12/2010 3:43:42 AM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 381187
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 10/27/2010 3:17:32 AM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 378134
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 4/4/2011 11:28:50 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/5/2011 4:04:34 PM | Computer Name = Becky | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 59739
seconds with 2940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/14/2011 10:45:29 AM | Computer Name = Becky | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 6/14/2011 10:46:06 AM | Computer Name = Becky | Source = DCOM | ID = 10016
Description =

Error - 6/14/2011 11:42:15 AM | Computer Name = Becky | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0021005E8662 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/14/2011 11:42:15 AM | Computer Name = Becky | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.101
with the system having network hardware address 00-14-A5-05-47-B9. Network operations
on this system may be disrupted as a result.

Error - 6/14/2011 3:00:55 PM | Computer Name = Becky | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 0021005E8662 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/15/2011 9:15:37 AM | Computer Name = Becky | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 6/15/2011 9:16:21 AM | Computer Name = Becky | Source = DCOM | ID = 10016
Description =

Error - 6/15/2011 9:21:07 AM | Computer Name = Becky | Source = DCOM | ID = 10010
Description =

Error - 6/15/2011 9:32:57 AM | Computer Name = Becky | Source = Service Control Manager | ID = 7031
Description =

Error - 6/15/2011 9:45:09 AM | Computer Name = Becky | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0021005E8662 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


Thank you in advance for any help. I have been working on this since Sat with no luck on my own so I came to the experts!
Becky


#2
RKinner

    Malware Expert

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall
Java™ 6 Update 5 (Obsolete)
Java™ 6 Update 24 (Obsolete)
µTorrent (Dangerous)
Auslogics (Snake Oil)



Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
[2011/05/23 20:01:25 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/02/10 21:12:23 | 000,000,000 | ---D | M] (Castle Age Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}(64)
[2011/05/09 09:42:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\[email protected]
[2010/06/11 09:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 12:38:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 17:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/17 10:59:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/25 22:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [hpqSRMon] File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.


ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get SIW

http://www.snapfiles.com/get/siw.html

Run it and under Hardware look for Sensors. Click on Sensors and look in the right pane there should be some temperature readings for the CPU. What are they? Watch your video or run an anti-virus scan for a little bit then look again. Are the temps going up? What are they now?


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run,

Start, All Programs, Accessories then right click on Command Prompt and type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#3
BeckyH

    Member

Well, first I could not find an icon to clear the Java cache, as there was no Java icon to click on in the Control Panel.
I did uninstall the programs you said (the Auslogics had appeared on one of the malware pages as a "recommended download" so I thought it would be good since it was advertised on these pages).
Here is the ComboFix log:

ComboFix 11-06-15.04 - Owner 06/16/2011 9:28.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2464 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Advanced Entry Provider
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\AEPCommon.dll
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\Data\config.md
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\chrome.manifest
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\chrome\AEPAddOn.jar
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.js
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\chrome\content\AEPAddOn.xul
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.dll
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFAddOn.xpt
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\components\AEPFFHelperComponent.js
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\FF\install.rdf
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\unins000.dat
c:\program files (x86)\Advanced Entry Provider\4.4.0.2380\unins000.exe
c:\program files (x86)\Live Access Operator
c:\program files (x86)\Live Access Operator\4.4.0.5790\Data\config.md
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\chrome.manifest
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.js
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\chrome\content\LAOAddOn.xul
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\chrome\LAOAddOn.jar
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.dll
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\components\LAOFFAddOn.xpt
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\components\LAOFFHelperComponent.js
c:\program files (x86)\Live Access Operator\4.4.0.5790\FF\install.rdf
c:\program files (x86)\Live Access Operator\4.4.0.5790\LAOCommon.dll
c:\program files (x86)\Live Access Operator\4.4.0.5790\unins000.dat
c:\program files (x86)\Live Access Operator\4.4.0.5790\unins000.exe
c:\program files (x86)\Real Search Enhancer
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\Data\config.md
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\FF\chrome.manifest
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.js
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\FF\chrome\content\RSEAddOn.xul
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\FF\chrome\RSEAddOn.jar
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFAddOn.xpt
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\FF\components\RSEFFHelperComponent.js
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\FF\install.rdf
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\RSECommon.dll
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\unins000.dat
c:\program files (x86)\Real Search Enhancer\4.4.0.2520\unins000.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\basis.xml
c:\program files (x86)\Search Toolbar\bg.bmp
c:\program files (x86)\Search Toolbar\bing_logo.png
c:\program files (x86)\Search Toolbar\celebrity.png
c:\program files (x86)\Search Toolbar\drop_images.png
c:\program files (x86)\Search Toolbar\drop_maps.png
c:\program files (x86)\Search Toolbar\drop_news.png
c:\program files (x86)\Search Toolbar\drop_videos.png
c:\program files (x86)\Search Toolbar\drop_web.png
c:\program files (x86)\Search Toolbar\facebook.png
c:\program files (x86)\Search Toolbar\favicon.png
c:\program files (x86)\Search Toolbar\games.png
c:\program files (x86)\Search Toolbar\hotmail.png
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\images.png
c:\program files (x86)\Search Toolbar\include.xml
c:\program files (x86)\Search Toolbar\info.txt
c:\program files (x86)\Search Toolbar\lifestyle.png
c:\program files (x86)\Search Toolbar\maps.png
c:\program files (x86)\Search Toolbar\messenger.png
c:\program files (x86)\Search Toolbar\msn.png
c:\program files (x86)\Search Toolbar\news.png
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\tbhelper.dll
c:\program files (x86)\Search Toolbar\twitter.png
c:\program files (x86)\Search Toolbar\uninstall.exe
c:\program files (x86)\Search Toolbar\update.exe
c:\program files (x86)\Search Toolbar\version.txt
c:\program files (x86)\Search Toolbar\video.png
c:\program files (x86)\Search Toolbar\videos.png
c:\program files (x86)\Search Toolbar\weather.png
c:\program files (x86)\Search Toolbar\web.png
c:\program files (x86)\Targeted Content Wizard
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\data\pxtmpdata.mx
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\data\TP_Config.mx
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\data\TP_Data.mx
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\data\TP_DomainExcludeList.mx
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\data\TP_DomainInterval.mx
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\data\TP_KeywordInterval.mx
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\data\TP_Rstatus.mx
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\chrome.manifest
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.js
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.js.bak
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.xul
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\chrome\content\FFAddOn.xul.bak
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\components\FFHelperComponent.js
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\components\ITCWFFComponent.xpt
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\FF\install.rdf
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\unins000.dat
c:\program files (x86)\Targeted Content Wizard\1.4.0.3580\unins000.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Owner\GoToAssistDownloadHelper.exe
.
----- BITS: Possible infected sites -----
.
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-16 13:47 . 2011-06-16 13:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-16 13:23 . 2011-06-16 13:24 -------- d-----w- C:\32788R22FWJFW
2011-06-16 12:37 . 2011-06-16 12:37 -------- d-----w- C:\_OTL
2011-06-15 22:21 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 22:21 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 22:19 . 2011-05-28 04:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 22:19 . 2011-05-28 04:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-15 21:54 . 2011-04-29 13:41 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 21:54 . 2011-04-29 13:40 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 21:54 . 2011-04-21 14:20 405504 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 21:53 . 2011-04-30 06:09 758784 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:53 . 2011-04-30 06:22 1027584 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:52 . 2011-04-29 13:39 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 21:52 . 2011-04-29 13:39 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 21:52 . 2011-04-29 13:39 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 21:51 . 2011-05-18 13:56 2762752 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 21:50 . 2011-05-02 12:02 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-06-15 21:50 . 2011-05-02 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 21:40 . 2011-04-14 15:14 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 21:40 . 2011-05-02 17:13 975360 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 21:40 . 2011-05-02 17:16 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-14 13:10 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84847BE6-06F0-43A7-B3B1-837E9BA2ADCD}\mpengine.dll
2011-06-13 21:54 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-13 21:53 . 2011-06-13 21:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-12 20:33 . 2011-06-13 11:29 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2011-06-12 20:32 . 2011-06-16 13:15 -------- d-----w- c:\program files (x86)\Auslogics
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 10:57 . 2011-06-05 10:57 0 ---ha-w- c:\users\Owner\AppData\Local\BIT9645.tmp
2011-06-05 06:59 . 2011-03-13 15:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-04 22:42 . 2011-06-04 22:42 -------- d-----w- c:\users\Owner\AppData\Local\Knowledge Networks
2011-06-04 22:42 . 2011-06-04 22:42 -------- d-----w- c:\program files (x86)\Knowledge Networks
2011-05-26 22:34 . 2011-06-16 01:16 -------- d-----w- c:\users\Owner\AppData\Local\WeatherBug
2011-05-26 22:34 . 2011-05-26 22:34 -------- d-----w- c:\users\Owner\AppData\Roaming\WeatherBug
2011-05-26 22:32 . 2011-05-26 22:32 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-05-26 22:32 . 2011-05-26 22:32 11264 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-05-26 22:32 . 2011-05-26 22:32 -------- d-----w- c:\program files (x86)\AWS
2011-05-25 21:01 . 2011-05-25 21:39 -------- d-----w- c:\users\Owner\AppData\Local\Nemex
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\users\Owner\AppData\Roaming\Mouse Recorder Pro
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\program files (x86)\Nemex
2011-05-17 15:30 . 2011-05-17 15:30 1103784 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE11\RICHED20.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-08-06 02:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 03:36 . 2011-05-15 03:36 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-06-05 01:36 72704 ----a-w- c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\pahelper_1502.2011.0310.1640.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"PanelApp"="c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\PanelApp.exe" [2010-04-15 31232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c99f87d3bc63b0;Google Update Service (gupdate1c99f87d3bc63b0);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PanelSvc;PanelSvc;c:\program files (x86)\Knowledge Networks\PanelApp\PanelSvc.exe [2010-04-15 91136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 158832]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-08 23:44]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 00:49]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 00:49]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 13:15]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 13:15]
.
2011-05-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
2011-06-15 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-02-12 19:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-06-05 01:36 90624 ----a-w- c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\pahelper64_1502.2011.0310.1640.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 200216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 24.159.64.23 24.178.162.3 97.81.22.195
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ccApp - c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-isCfgWiz - c:\program files (x86)\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Adobe\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-06-16 09:55:25
ComboFix-quarantined-files.txt 2011-06-16 13:55
.
Pre-Run: 102,120,275,968 bytes free
Post-Run: 101,500,260,352 bytes free
.
- - End Of File - - AB5F6B3F702F3FC9FBCBA8450E0EFBEF

And the next one...

2011/06/16 11:22:34.0586 5004 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/16 11:22:36.0591 5004 ================================================================================
2011/06/16 11:22:36.0591 5004 SystemInfo:
2011/06/16 11:22:36.0591 5004
2011/06/16 11:22:36.0592 5004 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/16 11:22:36.0592 5004 Product type: Workstation
2011/06/16 11:22:36.0592 5004 ComputerName: BECKY
2011/06/16 11:22:36.0593 5004 UserName: Owner
2011/06/16 11:22:36.0593 5004 Windows directory: C:\Windows
2011/06/16 11:22:36.0593 5004 System windows directory: C:\Windows
2011/06/16 11:22:36.0593 5004 Running under WOW64
2011/06/16 11:22:36.0593 5004 Processor architecture: Intel x64
2011/06/16 11:22:36.0593 5004 Number of processors: 2
2011/06/16 11:22:36.0593 5004 Page size: 0x1000
2011/06/16 11:22:36.0593 5004 Boot type: Normal boot
2011/06/16 11:22:36.0593 5004 ================================================================================
2011/06/16 11:22:38.0328 5004 Initialize success
2011/06/16 11:22:57.0884 4364 ================================================================================
2011/06/16 11:22:57.0884 4364 Scan started
2011/06/16 11:22:57.0884 4364 Mode: Manual;
2011/06/16 11:22:57.0885 4364 ================================================================================
2011/06/16 11:22:59.0232 4364 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/06/16 11:22:59.0594 4364 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/06/16 11:22:59.0808 4364 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/06/16 11:22:59.0953 4364 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/06/16 11:23:00.0028 4364 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/06/16 11:23:00.0100 4364 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/06/16 11:23:00.0264 4364 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/06/16 11:23:00.0920 4364 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/06/16 11:23:01.0374 4364 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/06/16 11:23:01.0471 4364 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/06/16 11:23:01.0599 4364 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2011/06/16 11:23:01.0775 4364 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/06/16 11:23:01.0859 4364 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/16 11:23:01.0980 4364 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/16 11:23:02.0321 4364 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/06/16 11:23:02.0390 4364 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/06/16 11:23:02.0551 4364 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/16 11:23:02.0671 4364 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/06/16 11:23:03.0453 4364 BCM43XV (35756e37d5fdee22fbf27090a14fe608) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/06/16 11:23:04.0287 4364 BCM43XX (35756e37d5fdee22fbf27090a14fe608) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/06/16 11:23:04.0625 4364 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/06/16 11:23:04.0696 4364 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/16 11:23:04.0888 4364 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/16 11:23:04.0972 4364 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/06/16 11:23:05.0087 4364 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/06/16 11:23:05.0167 4364 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/06/16 11:23:05.0261 4364 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/16 11:23:05.0338 4364 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/06/16 11:23:05.0439 4364 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/16 11:23:05.0505 4364 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/06/16 11:23:05.0604 4364 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/16 11:23:05.0697 4364 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys
2011/06/16 11:23:05.0843 4364 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/16 11:23:06.0068 4364 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/16 11:23:06.0165 4364 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/16 11:23:06.0437 4364 cfwids (e8ddaaf635a4ea6f24927544e97c6de8) C:\Windows\system32\drivers\cfwids.sys
2011/06/16 11:23:06.0843 4364 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/16 11:23:06.0939 4364 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/06/16 11:23:07.0128 4364 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/16 11:23:07.0205 4364 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/06/16 11:23:07.0344 4364 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/16 11:23:07.0449 4364 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/16 11:23:07.0625 4364 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/06/16 11:23:07.0842 4364 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/06/16 11:23:07.0989 4364 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/06/16 11:23:08.0102 4364 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/16 11:23:08.0374 4364 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/06/16 11:23:08.0504 4364 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/06/16 11:23:08.0669 4364 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/06/16 11:23:08.0799 4364 enecir (cd0c80e5e9a9bf8dd145f43713d77993) C:\Windows\system32\DRIVERS\enecir.sys
2011/06/16 11:23:08.0961 4364 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/06/16 11:23:09.0113 4364 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/06/16 11:23:09.0200 4364 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/06/16 11:23:09.0278 4364 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/16 11:23:09.0388 4364 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/06/16 11:23:09.0483 4364 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/06/16 11:23:09.0576 4364 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/16 11:23:09.0671 4364 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/06/16 11:23:09.0845 4364 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/16 11:23:10.0054 4364 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/16 11:23:10.0126 4364 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/16 11:23:10.0397 4364 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/06/16 11:23:10.0530 4364 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/16 11:23:10.0691 4364 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/06/16 11:23:10.0767 4364 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/16 11:23:10.0946 4364 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/16 11:23:11.0092 4364 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/06/16 11:23:11.0197 4364 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/06/16 11:23:11.0478 4364 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/06/16 11:23:11.0857 4364 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/06/16 11:23:12.0502 4364 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/06/16 11:23:12.0835 4364 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/06/16 11:23:12.0939 4364 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/06/16 11:23:13.0042 4364 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/16 11:23:13.0163 4364 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/06/16 11:23:13.0581 4364 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/06/16 11:23:14.0165 4364 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/06/16 11:23:14.0350 4364 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\Windows\system32\drivers\IntcHdmi.sys
2011/06/16 11:23:14.0616 4364 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/06/16 11:23:14.0699 4364 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/16 11:23:14.0824 4364 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/16 11:23:15.0020 4364 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/16 11:23:15.0080 4364 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/16 11:23:15.0150 4364 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/06/16 11:23:15.0208 4364 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/06/16 11:23:15.0297 4364 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/16 11:23:15.0368 4364 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/06/16 11:23:15.0426 4364 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/06/16 11:23:15.0544 4364 JMCR (f12fdd192cc5729304ac7ce9e89c81a0) C:\Windows\system32\DRIVERS\jmcr.sys
2011/06/16 11:23:39.0028 4364 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
2011/06/16 11:23:39.0070 4364 ================================================================================
2011/06/16 11:23:39.0070 4364 Scan finished
2011/06/16 11:23:39.0070 4364 ================================================================================
2011/06/16 11:23:39.0109 2988 Detected object count: 0
2011/06/16 11:23:39.0109 2988 Actual detected object count: 0
2011/06/16 11:27:50.0537 5920 Deinitialize success

When I tried to run the next one the first time, Windows shut down and I got a blue screen with a lot of stuff on it...basically telling me it was an unexpected shutdown and if it was the first time I had seen that to restart my computer (which I did manually by turning it off).
Do I try running it again??? or what?
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Skip aswMBR for now and go on with the rest. Usually if TDSSKiller doesn't see anything then aswMBR won't find anything either.
  • 0

#5
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
Process PID CPU Private Bytes Working Set Description Company Name
igfxsrvc.exe 4320 35.12 2,848 K 6,824 K igfxsrvc Module Intel Corporation
WmiPrvSE.exe 2936 16.44 9,524 K 15,832 K WMI Provider Host Microsoft Corporation
System Idle Process 0 14.20 0 K 24 K
firefox.exe 1964 8.22 392,000 K 390,044 K Firefox Mozilla Corporation
svchost.exe 1004 5.23 7,348 K 11,780 K Host Process for Windows Services Microsoft Corporation
igfxpers.exe 4360 5.23 2,592 K 6,368 K persistence Module Intel Corporation
dwm.exe 1876 5.23 37,912 K 37,684 K Desktop Window Manager Microsoft Corporation
procexp64.exe 1248 4.48 23,172 K 34,276 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 816 2.24 31,536 K 45,032 K Host Process for Windows Services Microsoft Corporation
plugin-container.exe 5136 1.49 218,156 K 222,776 K Plugin Container for Firefox Mozilla Corporation
Interrupts n/a 1.49 0 K 0 K Hardware Interrupts and DPCs
spoolsv.exe 1748 0.75 10,084 K 18,852 K Spooler SubSystem App Microsoft Corporation
System 4 < 0.01 0 K 6,052 K
csrss.exe 684 < 0.01 3,688 K 10,032 K Client Server Runtime Process Microsoft Corporation
wmpnetwk.exe 2808 < 0.01 15,228 K 23,252 K Windows Media Player Network Sharing Service Microsoft Corporation
Weather.exe 4464 < 0.01 16,704 K 1,276 K AWS Convergence Technologies, Inc.
PanelApp.exe 4488 < 0.01 22,284 K 31,272 K
explorer.exe 1980 < 0.01 35,044 K 58,132 K Windows Explorer Microsoft Corporation
csrss.exe 628 < 0.01 2,744 K 7,452 K Client Server Runtime Process Microsoft Corporation
lsass.exe 748 < 0.01 5,724 K 13,344 K Local Security Authority Process Microsoft Corporation
svchost.exe 524 < 0.01 16,964 K 17,600 K Host Process for Windows Services Microsoft Corporation
wlanext.exe 1672 < 0.01 2,544 K 6,548 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
hkcmd.exe 4296 < 0.01 2,484 K 6,388 K hkcmd Module Intel Corporation
stacsv64.exe 988 < 0.01 8,460 K 7,880 K IDT PC Audio IDT, Inc.
Apoint.exe 3848 < 0.01 3,248 K 8,380 K Alps Pointing-device Driver Alps Electric Co., Ltd.
ApMsgFwd.exe 1424 < 0.01 1,460 K 3,504 K ApMsgFwd Alps Electric Co., Ltd.
svchost.exe 3132 < 0.01 4,328 K 8,452 K Host Process for Windows Services Microsoft Corporation
mcshield.exe 1780 < 0.01 197,680 K 92,668 K McAfee On-Access Scanner service McAfee, Inc.
audiodg.exe 1112 < 0.01 14,304 K 17,660 K Windows Audio Device Graph Isolation Microsoft Corporation
McSvHost.exe 3412 < 0.01 44,400 K 21,296 K McAfee Service Host McAfee, Inc.
svchost.exe 568 < 0.01 137,700 K 146,688 K Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 2572 < 0.01 109,984 K 80,876 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1224 < 0.01 11,720 K 20,460 K Host Process for Windows Services Microsoft Corporation
QPSched.exe 2772 < 0.01 2,968 K 7,592 K CLSched Module
taskeng.exe 940 < 0.01 10,828 K 13,944 K Task Scheduler Engine Microsoft Corporation
hpservice.exe 1320 < 0.01 3,324 K 5,952 K HpService Hewlett-Packard Corporation
wmpnscfg.exe 5008 2,356 K 6,684 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 536 4,060 K 8,448 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 2072 1,536 K 3,640 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WLIDSVC.EXE 1872 8,388 K 15,964 K Microsoft® Windows Live ID Service Microsoft Corp.
winlogon.exe 788 2,908 K 7,580 K Windows Logon Application Microsoft Corporation
wininit.exe 664 1,772 K 5,100 K Windows Start-Up Application Microsoft Corporation
ViewpointService.exe 2984 1,900 K 5,472 K ViewMgr Viewpoint Corporation
taskeng.exe 1908 2,768 K 7,668 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1496 19,720 K 21,556 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3056 1,128 K 2,844 K Host Process for Windows Services Microsoft Corporation
svchost.exe 944 3,536 K 7,824 K Host Process for Windows Services Microsoft Corporation
svchost.exe 344 73,572 K 42,736 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2172 6,344 K 11,320 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1160 2,900 K 6,388 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1772 16,320 K 21,256 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2188 2,644 K 4,216 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2344 3,940 K 8,088 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2700 2,312 K 5,980 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2948 4,984 K 8,836 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3040 6,596 K 10,864 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4708 2,520 K 6,516 K Host Process for Windows Services Microsoft Corporation
sttray64.exe 4160 8,992 K 17,664 K IDT PC Audio IDT, Inc.
sqlwriter.exe 2884 4,296 K 8,840 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlservr.exe 2532 41,272 K 2,808 K SQL Server Windows NT Microsoft Corporation
sqlbrowser.exe 2856 1,524 K 4,608 K SQL Browser Service EXE Microsoft Corporation
smss.exe 560 472 K 992 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1184 8,552 K 13,440 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 720 3,368 K 8,312 K Services and Controller app Microsoft Corporation
SeaPort.exe 2816 5,548 K 9,820 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
rundll32.exe 5052 2,520 K 3,612 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2500 2,248 K 2,948 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2516 2,748 K 5,148 K Windows host process (Rundll32) Microsoft Corporation
QPCapSvc.exe 2720 14,664 K 15,228 K CLCapSvc Module
QLBCTRL.exe 4764 4,328 K 10,048 K Quick Launch Buttons Hewlett-Packard Development Company, L.P.
procexp.exe 1596 3,492 K 9,256 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mfevtps.exe 2460 5,872 K 8,860 K McAfee Process Validation Service McAfee, Inc.
mfefire.exe 3296 4,792 K 7,840 K McAfee Core Firewall Service McAfee, Inc.
mcsacore.exe 2444 10,952 K 8,636 K SiteAdvisor McAfee, Inc.
mcagent.exe 4788 26,568 K 1,432 K McAfee Security Center McAfee, Inc.
lsm.exe 756 3,256 K 5,484 K Local Session Manager Service Microsoft Corporation
inetinfo.exe 2404 11,040 K 18,896 K Internet Information Services Microsoft Corporation
igfxtray.exe 4256 2,304 K 6,144 K igfxTray Module Intel Corporation
hpwuschd2.exe 4796 1,264 K 4,428 K hpwuSchd Application Hewlett-Packard
HPWAMain.exe 4976 34,416 K 32,680 K HP Wireless Assistant Main Program Hewlett-Packard Company
hpqWmiEx.exe 312 3,176 K 7,384 K hpqwmiex Module Hewlett-Packard Company
hpqtra08.exe 4696 5,120 K 12,904 K HP Digital Imaging Monitor Hewlett-Packard Co.
HpqToaster.exe 5304 2,652 K 8,728 K HpqToaster Module
HPKBDAPP.exe 4108 7,184 K 8,028 K HP QuickTouch On Screen Display Hewlett-Packard Development Company, L.P.
HPHC_Service.exe 2440 29,448 K 12,248 K HP Support Assistant Hewlett-Packard Company
HPDrvMntSvc.exe 2232 1,204 K 4,104 K HP Quick Synchronization Service Hewlett-Packard Company
hpCaslNotification.exe 5360 32,140 K 10,448 K hpCaslNotification Hewlett-Packard Development Company L.P.
ehtray.exe 4428 2,284 K 2,316 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 4672 1,952 K 5,768 K Media Center Media Status Aggregator Service Microsoft Corporation
Com4QLBEx.exe 4828 1,496 K 5,420 K Com for QLB application Hewlett-Packard Development Company, L.P.
BLService.exe 2788 1,600 K 4,988 K STServices
ApntEx.exe 4056 2,124 K 4,936 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
agr64svc.exe 2156 1,196 K 2,972 K LSI Soft Modem Call Progress Service LSI Corporation
AESTSr64.exe 2140 764 K 2,216 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation

the others will follow
  • 0

#6
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
Every time I try to go to the snapfiles site my McAfee pops up a warning and when I click go anyway, Firefox crashes...I cannot get there
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Looks like Process Explorer has found the problem.

igfxsrvc.exe is eating up your CPU time. This is an Intel driver for the display. There are problems with the Windows update to this that cause it to try to run two copies. Sometimes you can fix it by going into the device manager and uninstalling the Display Adapters. (Right click on Computer and select Manage (continue) then Device Manager. Find the Display Adapter section and click on the + in front of it so you can see the Display Adapters. Right click on each and Uninstall then reboot.)

Run Process Explorer again and see if igfxsrvc.exe is still at the top.

If so then go to HP's site and find the display adapter for your PC and download and install it.

If all else fails you can just use msconfig to turn it off.

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator, (Continue) then type: msconfig and hit Enter. Look under the Services and Startup tabs for items which start with igfx and uncheck them then reboot.

Tell msconfig not to bother you in the future. See if that works.

Ron

PS That's the second report that SIW is not working so I will have to try it myself and see what is wrong.
  • 0

#8
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
The temps are running around 79C-81C...got to the site using Opera...
Now rebooting to start the next process...will post results in a bit
  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
It must be something that McAfee is doing. (They are getting better at preventing our tools from working - and worse at stopping viruses. When your subscription expires I would dump them and install the free Avast. http://www.avast.com...ivirus-download) I have Avast and it works fine. Downloaded it and ran it and no problems.
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
80 C is a bit hot for a laptop (60 is more normal) but it could be because of the Intel driver running it too hard. Make sure it is on a flat surface and that nothing is blocking the vents and that it is not near a source of heat or in direct sunlight. Does the fan come on?
  • 0

#11
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
I have it sitting on an external fan that stays on all the time cause it has run hot for God knows how long...
I just went into the msconfig thing and unchecked two things that said igfx...I've had that program open so often over the past week it's at the top of the frequently used programs list.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 16/06/2011 2:03:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2011 5:31:54 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/06/2011 5:31:54 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Log: 'System' Date/Time: 16/06/2011 5:30:30 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/06/2011 5:30:14 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 16/06/2011 5:16:16 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 16/06/2011 5:16:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/06/2011 5:16:16 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.

Log: 'System' Date/Time: 16/06/2011 5:15:43 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2011 5:06:05 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/06/2011 5:06:05 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 16/06/2011 2:07:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/06/2011 5:32:48 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 16/06/2011 5:32:48 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 16/06/2011 5:30:13 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 16/06/2011 5:29:59 PM
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

Log: 'Application' Date/Time: 16/06/2011 5:18:40 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 16/06/2011 5:18:40 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE TOTAL PROTECTION.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 16/06/2011 5:16:04 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 16/06/2011 5:15:44 PM
Type: Error Category: 0
Event: 11 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/06/2011 5:28:12 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1844 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 16/06/2011 5:05:59 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1748 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
You are having a problem with Windows Media Player Network Sharing Service. You might want to use msconfig to turn it off too. Don't think it's something anybody really needs.

Ditto for the Windows Search service.

Can you run Process Explorer again and post the new log?
  • 0

#13
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 79.42 0 K 24 K
mcshield.exe 3164 5.11 189,528 K 56,348 K McAfee On-Access Scanner service McAfee, Inc.
WmiPrvSE.exe 3560 4.54 9,132 K 15,696 K
procexp64.exe 1196 4.54 20,604 K 30,916 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
firefox.exe 4108 2.84 225,672 K 240,224 K Firefox Mozilla Corporation
dwm.exe 1740 1.70 39,044 K 38,088 K Desktop Window Manager Microsoft Corporation
Interrupts n/a 1.13 0 K 0 K Hardware Interrupts and DPCs
svchost.exe 676 0.57 30,100 K 43,572 K Host Process for Windows Services Microsoft Corporation
plugin-container.exe 2060 < 0.01 22,788 K 27,860 K Plugin Container for Firefox Mozilla Corporation
Weather.exe 3968 < 0.01 45,600 K 3,784 K AWS Convergence Technologies, Inc.
igfxsrvc.exe 4380 < 0.01 2,560 K 6,544 K igfxsrvc Module Intel Corporation
explorer.exe 1704 < 0.01 32,708 K 51,676 K Windows Explorer Microsoft Corporation
ApMsgFwd.exe 4216 < 0.01 1,472 K 3,544 K
PanelApp.exe 3988 < 0.01 22,508 K 31,208 K
hkcmd.exe 3952 < 0.01 2,512 K 6,440 K hkcmd Module Intel Corporation
Apoint.exe 3928 < 0.01 3,232 K 8,504 K Alps Pointing-device Driver Alps Electric Co., Ltd.
hpqtra08.exe 4016 < 0.01 5,160 K 12,820 K HP Digital Imaging Monitor Hewlett-Packard Co.
taskeng.exe 1972 < 0.01 10,812 K 13,788 K Task Scheduler Engine Microsoft Corporation
wmpnscfg.exe 4356 2,508 K 6,752 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
wmpnetwk.exe 2220 14,988 K 22,876 K Windows Media Player Network Sharing Service Microsoft Corporation
WmiPrvSE.exe 4452 3,984 K 8,408 K
WLIDSVCM.EXE 2572 1,524 K 3,632 K
WLIDSVC.EXE 768 8,296 K 15,872 K
wlanext.exe 1796 2,580 K 6,576 K
winlogon.exe 864 2,728 K 7,240 K
wininit.exe 664 1,764 K 5,100 K
ViewpointService.exe 3036 1,904 K 5,452 K ViewMgr Viewpoint Corporation
taskeng.exe 1896 2,752 K 7,640 K
System 4 0 K 6,116 K
svchost.exe 1496 19,152 K 20,132 K Host Process for Windows Services Microsoft Corporation
svchost.exe 708 152,084 K 160,632 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1012 6,100 K 10,444 K Host Process for Windows Services Microsoft Corporation
svchost.exe 572 16,872 K 17,920 K Host Process for Windows Services Microsoft Corporation
svchost.exe 952 3,964 K 7,884 K Host Process for Windows Services Microsoft Corporation
svchost.exe 364 72,364 K 41,588 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1184 2,900 K 6,360 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1244 10,832 K 19,504 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2016 16,212 K 21,772 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2248 6,260 K 11,300 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2264 2,640 K 4,212 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2336 3,960 K 8,048 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2716 1,324 K 3,788 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2744 1,276 K 3,468 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2772 2,300 K 5,952 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3000 4,804 K 8,616 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1008 6,300 K 10,620 K Host Process for Windows Services Microsoft Corporation
svchost.exe 780 1,128 K 2,852 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3832 4,244 K 8,088 K Host Process for Windows Services Microsoft Corporation
svchost.exe 5684 2,328 K 6,300 K Host Process for Windows Services Microsoft Corporation
sttray64.exe 3944 8,816 K 17,328 K IDT PC Audio IDT, Inc.
stacsv64.exe 960 8,500 K 7,924 K IDT PC Audio IDT, Inc.
sqlwriter.exe 2976 4,292 K 8,828 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlservr.exe 2672 44,896 K 10,372 K SQL Server Windows NT Microsoft Corporation
sqlbrowser.exe 2932 1,536 K 4,612 K SQL Browser Service EXE Microsoft Corporation
spoolsv.exe 1980 9,984 K 18,144 K Spooler SubSystem App Microsoft Corporation
smss.exe 560 472 K 984 K
SLsvc.exe 1212 8,536 K 13,432 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 720 3,264 K 8,244 K
SearchProtocolHost.exe 5464 5,484 K 10,884 K
SearchIndexer.exe 2188 107,292 K 23,016 K Microsoft Windows Search Indexer Microsoft Corporation
SearchFilterHost.exe 4476 3,780 K 6,720 K
SeaPort.exe 2884 5,496 K 9,696 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
rundll32.exe 4500 2,536 K 3,640 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2540 2,248 K 2,948 K
rundll32.exe 2552 2,740 K 5,156 K
QPSched.exe 2824 2,984 K 7,572 K CLSched Module
QPCapSvc.exe 2800 14,672 K 15,164 K CLCapSvc Module
QLBCTRL.exe 3428 4,156 K 9,768 K Quick Launch Buttons Hewlett-Packard Development Company, L.P.
procexp.exe 5940 3,476 K 9,204 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mfevtps.exe 2456 5,352 K 8,216 K McAfee Process Validation Service McAfee, Inc.
mfefire.exe 3216 4,576 K 7,608 K McAfee Core Firewall Service McAfee, Inc.
McSvHost.exe 3296 43,068 K 11,512 K McAfee Service Host McAfee, Inc.
mcsacore.exe 2440 9,364 K 5,220 K SiteAdvisor McAfee, Inc.
mcagent.exe 1300 29,388 K 2,184 K McAfee Security Center McAfee, Inc.
lsm.exe 740 3,256 K 5,460 K
lsass.exe 732 6,224 K 13,524 K Local Security Authority Process Microsoft Corporation
inetinfo.exe 2424 11,088 K 18,900 K Internet Information Services Microsoft Corporation
hpwuschd2.exe 3628 1,260 K 4,400 K hpwuSchd Application Hewlett-Packard
HPWAMain.exe 1360 34,100 K 31,136 K HP Wireless Assistant Main Program Hewlett-Packard Company
hpservice.exe 1324 3,328 K 5,968 K HpService Hewlett-Packard Corporation
hpqWmiEx.exe 4268 3,084 K 7,284 K hpqwmiex Module Hewlett-Packard Company
HpqToaster.exe 3080 2,616 K 8,580 K HpqToaster Module
HPKBDAPP.exe 3936 7,176 K 7,996 K HP QuickTouch On Screen Display Hewlett-Packard Development Company, L.P.
HPHC_Service.exe 5320 29,468 K 12,212 K HP Support Assistant Hewlett-Packard Company
HPDrvMntSvc.exe 2296 1,208 K 4,092 K HP Quick Synchronization Service Hewlett-Packard Company
hpCaslNotification.exe 1656 32,012 K 9,060 K hpCaslNotification Hewlett-Packard Development Company L.P.
ehtray.exe 3960 2,272 K 2,032 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 4312 1,944 K 5,724 K Media Center Media Status Aggregator Service Microsoft Corporation
csrss.exe 684 3,676 K 9,432 K
csrss.exe 628 2,732 K 7,480 K
Com4QLBEx.exe 5040 1,496 K 5,400 K Com for QLB application Hewlett-Packard Development Company, L.P.
BLService.exe 2860 1,596 K 4,980 K STServices
audiodg.exe 1128 14,268 K 17,668 K
ApntEx.exe 1944 2,132 K 4,888 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
agr64svc.exe 2236 1,200 K 2,976 K LSI Soft Modem Call Progress Service LSI Corporation
AESTSr64.exe 2200 764 K 2,216 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation
  • 0

#14
BeckyH

    Member

  • Topic Starter
  • Member
  • 146 posts
This is the latest...
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 64.16 0 K 24 K
svchost.exe 372 11.60 75,792 K 41,956 K Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 4148 10.05 8,280 K 13,688 K
explorer.exe 1736 6.18 30,108 K 46,296 K Windows Explorer Microsoft Corporation
System 4 2.32 0 K 6,124 K
Interrupts n/a 1.55 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1712 1.55 38,016 K 35,564 K Desktop Window Manager Microsoft Corporation
procexp64.exe 5792 0.77 20,488 K 30,516 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
firefox.exe 5096 0.77 108,248 K 121,120 K Firefox Mozilla Corporation
csrss.exe 684 0.77 3,052 K 11,884 K
plugin-container.exe 2496 < 0.01 19,556 K 23,360 K Plugin Container for Firefox Mozilla Corporation
Weather.exe 2888 < 0.01 46,024 K 3,692 K AWS Convergence Technologies, Inc.
ApntEx.exe 4500 < 0.01 2,352 K 5,184 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
igfxsrvc.exe 2368 < 0.01 2,324 K 6,120 K igfxsrvc Module Intel Corporation
PanelApp.exe 3044 < 0.01 20,212 K 27,380 K
ApMsgFwd.exe 5100 < 0.01 1,496 K 3,524 K
Apoint.exe 1244 < 0.01 3,452 K 8,976 K Alps Pointing-device Driver Alps Electric Co., Ltd.
hkcmd.exe 2816 < 0.01 2,416 K 6,288 K hkcmd Module Intel Corporation
taskeng.exe 1432 < 0.01 10,736 K 13,272 K Task Scheduler Engine Microsoft Corporation
wmpnscfg.exe 4136 2,524 K 6,700 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 4904 4,024 K 8,196 K
WLIDSVCM.EXE 3468 1,564 K 3,632 K
WLIDSVC.EXE 3204 8,392 K 15,840 K
wlanext.exe 1616 2,628 K 6,576 K
winlogon.exe 876 2,760 K 7,176 K
wininit.exe 664 1,752 K 5,096 K
w3wp.exe 3844 9,664 K 19,344 K
ViewpointService.exe 3076 1,948 K 5,488 K ViewMgr Viewpoint Corporation
taskeng.exe 1844 2,792 K 7,660 K
svchost.exe 528 113,964 K 123,548 K Host Process for Windows Services Microsoft Corporation
svchost.exe 536 35,648 K 44,340 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1012 5,760 K 10,084 K Host Process for Windows Services Microsoft Corporation
svchost.exe 452 18,124 K 16,316 K Host Process for Windows Services Microsoft Corporation
svchost.exe 952 3,840 K 7,640 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1180 2,780 K 6,240 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1228 10,780 K 18,168 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1488 19,548 K 21,012 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1924 16,656 K 22,356 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2304 6,288 K 11,240 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2460 3,996 K 8,048 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2904 1,324 K 3,780 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2936 1,280 K 3,456 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2956 2,288 K 5,936 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2228 4,912 K 8,672 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3156 6,292 K 10,552 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3184 1,136 K 2,836 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4560 4,148 K 7,860 K Host Process for Windows Services Microsoft Corporation
svchost.exe 5112 2,328 K 6,324 K Host Process for Windows Services Microsoft Corporation
sttray64.exe 2132 8,872 K 17,280 K IDT PC Audio IDT, Inc.
stacsv64.exe 608 8,348 K 7,748 K IDT PC Audio IDT, Inc.
sqlwriter.exe 960 4,356 K 8,720 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlservr.exe 2580 44,512 K 2,056 K SQL Server Windows NT Microsoft Corporation
sqlbrowser.exe 996 1,532 K 4,612 K SQL Browser Service EXE Microsoft Corporation
spoolsv.exe 1900 9,120 K 16,704 K Spooler SubSystem App Microsoft Corporation
smss.exe 560 472 K 988 K
SLsvc.exe 1200 8,584 K 13,436 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 720 3,304 K 8,240 K
SeaPort.exe 1336 5,724 K 9,864 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
rundll32.exe 4188 2,528 K 3,632 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2632 2,260 K 2,956 K
rundll32.exe 2652 2,840 K 5,204 K
QLBCTRL.exe 2020 4,384 K 9,828 K Quick Launch Buttons Hewlett-Packard Development Company, L.P.
procexp.exe 5480 3,480 K 7,288 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mfevtps.exe 2552 5,616 K 8,496 K McAfee Process Validation Service McAfee, Inc.
mfefire.exe 3360 4,132 K 7,092 K McAfee Core Firewall Service McAfee, Inc.
McSvHost.exe 3720 42,196 K 5,384 K McAfee Service Host McAfee, Inc.
mcshield.exe 3276 195,720 K 39,764 K McAfee On-Access Scanner service McAfee, Inc.
mcsacore.exe 2508 9,128 K 16,836 K SiteAdvisor McAfee, Inc.
mcagent.exe 1084 31,596 K 736 K McAfee Security Center McAfee, Inc.
lsm.exe 740 3,272 K 5,480 K
lsass.exe 732 6,144 K 13,284 K Local Security Authority Process Microsoft Corporation
inetinfo.exe 2484 11,100 K 18,880 K Internet Information Services Microsoft Corporation
hpwuschd2.exe 1756 1,316 K 4,452 K hpwuSchd Application Hewlett-Packard
HPWAMain.exe 3124 33,964 K 30,764 K HP Wireless Assistant Main Program Hewlett-Packard Company
hpservice.exe 1328 3,364 K 5,980 K HpService Hewlett-Packard Corporation
hpqWmiEx.exe 4708 3,252 K 7,096 K hpqwmiex Module Hewlett-Packard Company
hpqtra08.exe 1216 5,124 K 12,792 K HP Digital Imaging Monitor Hewlett-Packard Co.
HpqToaster.exe 3100 2,652 K 8,336 K HpqToaster Module
HPKBDAPP.exe 1168 7,204 K 7,932 K HP QuickTouch On Screen Display Hewlett-Packard Development Company, L.P.
HPHC_Service.exe 5472 30,504 K 12,180 K HP Support Assistant Hewlett-Packard Company
HPDrvMntSvc.exe 2336 1,264 K 4,124 K HP Quick Synchronization Service Hewlett-Packard Company
hpCaslNotification.exe 4344 32,012 K 8,788 K hpCaslNotification Hewlett-Packard Development Company L.P.
ehtray.exe 2836 2,296 K 1,508 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 2880 1,940 K 5,736 K Media Center Media Status Aggregator Service Microsoft Corporation
csrss.exe 628 2,972 K 7,584 K
Com4QLBEx.exe 4720 1,536 K 5,304 K Com for QLB application Hewlett-Packard Development Company, L.P.
BLService.exe 2980 1,644 K 4,868 K STServices
audiodg.exe 1132 14,264 K 17,644 K
agr64svc.exe 2288 1,196 K 2,956 K LSI Soft Modem Call Progress Service LSI Corporation
AESTSr64.exe 2268 772 K 2,220 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Sorry for the delay. I'm recovering from the flu (stupid flu shot didn't work this year) and have to take frequent naps.

It appears you have lost your beep.sys file somewhere. It should be in C:\windows\System32\drivers\beep.sys

If you right click on Computer and select Manage (Continue) then Device Manager then View, Show Hidden Devices you will be able to see "Beep" if you click on the + in front of Non-Plug and Play Drivers.

I would expect it to have a red mark next to it since the event log says it did not start.

I've attached a beep.sys from my Vista in zip format to this post. Download and Save the beep.zip file then right click on it and Extract All and you should have a folder called Beep with the file beep.sys inside. Copy the file and paste it into C:\windows\system32\drivers.

Once you have done that, reboot and then go into Device Manager and see if Beep still has a red mark.

Also uninstall the Adobe Download Manager.

Looking back at your Combofix file it appears you are running IIS. This allows you to run a webserver on your PC. Is this intentional?

You are also running SQL Server and having problems with it. Do you know why this is trying to run?

What is the difference between your last two Process Explorer logs?

Ron
  • 0
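The question that closes post #15, what differs between the last two Process Explorer logs, can be answered mechanically rather than by eye. The following is an added example, not part of the original thread: it parses the pasted Process Explorer text and compares two snapshots by image name. The function names are hypothetical, and the embedded rows are a small subset copied from posts #13 and #14, so the result covers only those rows.

```python
import re
from collections import Counter, defaultdict

# Row layout of the pasted export: name PID [CPU] <private> K <working> K [description].
# CPU is empty for idle processes and "< 0.01" for nearly idle ones.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu><\s*[\d.]+|[\d.]+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K(?:\s+.*)?$"
)

def parse_snapshot(text):
    """Parse one pasted log; the header and any unparsable line are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            cpu = m["cpu"]
            rows.append({
                "name": m["name"].lower(),  # Windows image names are case-insensitive
                "cpu": 0.0 if not cpu or cpu.startswith("<") else float(cpu),
                "private_kb": int(m["private"].replace(",", "")),
            })
    return rows

def compare(before, after, cpu_rise=5.0):
    """Compare by image name, because PIDs change on every restart."""
    def totals(rows):
        count, cpu = Counter(), defaultdict(float)
        for r in rows:
            count[r["name"]] += 1
            cpu[r["name"]] += r["cpu"]
        return count, cpu
    (b_n, b_cpu), (a_n, a_cpu) = totals(before), totals(after)
    return {
        "stopped": sorted(set(b_n) - set(a_n)),
        "started": sorted(set(a_n) - set(b_n)),
        "cpu_up": {n: round(a_cpu[n] - b_cpu[n], 2) for n in sorted(a_n)
                   if a_cpu[n] - b_cpu[n] >= cpu_rise},
    }

# Subset of rows copied from post #13 (header line included on purpose).
POST_13 = """
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 79.42 0 K 24 K
mcshield.exe 3164 5.11 189,528 K 56,348 K McAfee On-Access Scanner service McAfee, Inc.
WmiPrvSE.exe 3560 4.54 9,132 K 15,696 K
svchost.exe 676 0.57 30,100 K 43,572 K Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 2220 14,988 K 22,876 K Windows Media Player Network Sharing Service Microsoft Corporation
WmiPrvSE.exe 4452 3,984 K 8,408 K
SearchIndexer.exe 2188 107,292 K 23,016 K Microsoft Windows Search Indexer Microsoft Corporation
"""
# Subset of rows copied from post #14.
POST_14 = """
System Idle Process 0 64.16 0 K 24 K
svchost.exe 372 11.60 75,792 K 41,956 K Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 4148 10.05 8,280 K 13,688 K
WmiPrvSE.exe 4904 4,024 K 8,196 K
w3wp.exe 3844 9,664 K 19,344 K
mcshield.exe 3276 195,720 K 39,764 K McAfee On-Access Scanner service McAfee, Inc.
"""

if __name__ == "__main__":
    print(compare(parse_snapshot(POST_13), parse_snapshot(POST_14)))
```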





