virus in vista!



#1
feldo

Hi Guys
Tried in vain so far to search for any help that could rescue my Vista-running lappy. Approx 1 week ago I downloaded a film from, how shall I put it, a dodgy site! Immediately after I tried to open the film I got a barrage of script errors telling me I was infected with spyware etc. I tried running a full scan with my Symantec but I think the malware is blocking it from starting. I can now only log in in safe mode, as it says something like user profile cannot be found.
Also if I start Task Manager it will stay on for about 3 seconds then close. And my antivirus cannot start; it gives me an error code: 0x20000003.
Any advice or help would be appreciated guys.
Below are the results of the OTL scan

OTL logfile created on: 30/07/2011 21:39:39 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.51% Memory free
6.19 Gb Paging File | 5.77 Gb Available in Paging File | 93.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.63 Gb Total Space | 8.08 Gb Free Space | 5.63% Space Free | Partition Type: NTFS
Drive D: | 149.04 Gb Total Space | 67.33 Gb Free Space | 45.18% Space Free | Partition Type: NTFS

Computer Name: LEE-PC | User Name: Lee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/30 21:38:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
PRC - [2011/07/27 23:04:21 | 000,038,916 | ---- | M] () -- C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
PRC - [2011/07/27 23:04:21 | 000,038,916 | ---- | M] () -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
PRC - [2010/09/28 20:14:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/30 21:38:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
MOD - [2011/07/08 02:08:07 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/07/08 02:07:37 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
MOD - [2011/07/08 02:07:37 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - File not found [Auto | Stopped] -- -- (szserver)
SRV - [2010/08/24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/05/25 00:32:52 | 000,619,000 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/03/24 17:04:32 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/09/14 19:38:42 | 000,648,488 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007/03/31 06:15:38 | 000,202,288 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/03/31 06:15:32 | 000,091,696 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/03/16 13:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007/03/02 06:07:28 | 000,055,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007/02/12 21:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/09 04:03:26 | 000,569,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2006/11/28 14:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 14:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 14:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/23 01:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/23 01:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/16 00:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/11/03 04:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/31 18:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/06/15 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110722.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/06/15 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110722.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/16 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/13 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2009/10/15 13:56:12 | 000,902,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm228.sys -- (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228)
DRV - [2009/10/15 13:56:05 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/15 13:56:04 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/10/15 13:55:58 | 000,138,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/01/30 09:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/14 19:36:56 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/09/14 19:36:54 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/01/19 06:53:35 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/01/19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/10/25 02:12:20 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/17 14:31:26 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/06/17 13:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/06/12 11:08:48 | 000,054,352 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
DRV - [2007/06/12 11:08:42 | 000,027,216 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/22 06:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007/01/24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/19 01:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/23 00:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/23 00:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/23 00:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/09 22:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/11/08 08:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/06 09:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/26 20:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/26 20:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/06 22:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/13 20:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/08/30 11:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2004/02/04 13:08:23 | 000,011,520 | ---- | M] (WB Electronic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\infusb.sys -- (INFUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....10&affID=18474

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search The Web"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...10&affID=18474"
FF - prefs.js..extensions.enabledItems: {A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}:1.0
FF - prefs.js..extensions.enabledItems: {D199FFB7-7F04-43e6-864C-3AA81FA1243B}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: {C3947F4E-8894-4C04-98E0-DF182C706DDF}:1.1
FF - prefs.js..keyword.URL: "http://search.babylo...10&affID=18474"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: D:\Downloads\Programs\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: D:\Downloads\Programs\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: D:\Downloads\Programs\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/04/14 03:22:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/14 20:58:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/08 02:08:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/30 20:36:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/30 20:36:59 | 000,000,000 | ---D | M]

[2011/07/29 03:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/08 02:05:23 | 000,000,000 | ---D | M] (Browser Enhancements) -- C:\Program Files\Mozilla Firefox\extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
[2011/07/08 02:05:24 | 000,000,000 | ---D | M] (Browser Coupons) -- C:\Program Files\Mozilla Firefox\extensions\{D199FFB7-7F04-43e6-864C-3AA81FA1243B}
[2011/06/14 20:58:57 | 000,000,000 | ---D | M] ("Search Helper Extension") -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
[2011/04/14 03:22:13 | 000,000,000 | ---D | M] (Bing Bar) -- C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\5.0.1423.0\FIREFOX
[2011/07/08 02:08:07 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\TEMP.LEE-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV2WAIAK.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\TEMP.LEE-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV2WAIAK.DEFAULT\EXTENSIONS\{C3947F4E-8894-4C04-98E0-DF182C706DDF}
File not found (No name found) -- C:\USERS\TEMP.LEE-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV2WAIAK.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\TEMP.LEE-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV2WAIAK.DEFAULT\EXTENSIONS\[email protected]
[2011/07/30 20:37:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/07/30 20:37:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml.moz-backup
[2011/07/28 04:43:28 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/07/30 20:37:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/07/30 20:37:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml.moz-backup
[2011/07/30 20:37:00 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/07/30 20:37:00 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml.moz-backup
[2010/12/08 22:21:24 | 000,002,224 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml
[2011/07/30 20:37:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
[2011/07/30 20:37:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml.moz-backup

Hosts file not found
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - File not found
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - File not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Browser Coupons) - {513ECFF3-C9D8-421E-B216-7C9D594942EE} - C:\Program Files\Xvid\BrowserCoupons.dll (TODO: <Company name>)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lee\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - File not found
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - File not found
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe ()
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe ()
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] File not found
O4 - HKLM..\Run: [apihostproxy.exe] C:\Users\Lee\AppData\Roaming\apihostproxy.exe ()
O4 - HKLM..\Run: [autoauthpage.exe] C:\Users\Lee\AppData\Roaming\autoauthpage.exe ()
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE ()
O4 - HKLM..\Run: [BabylonToolbar] File not found
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1226061335\ee\AOLSoftware.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe ()
O4 - HKLM..\Run: [KB264824177.exe] C:\Users\Lee\AppData\Roaming\Adobe\plugs\KB264824177.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (Lenovo)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe ()
O4 - HKLM..\Run: [RDesc] File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe ()
O4 - HKCU..\Run: [8DDYX0ZBPZ] File not found
O4 - HKCU..\Run: [XMZH42I4GI] File not found
O4 - HKLM..\RunOnce: [*apihostproxy .exe] C:\Users\Lee\AppData\Roaming\apihostproxy .exe (iF© Systems)
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/30 21:04:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/07/29 01:44:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\Newsbin Download
[2011/07/29 00:10:05 | 000,000,000 | ---D | C] -- C:\F
[2011/07/29 00:10:05 | 000,000,000 | ---D | C] -- \F
[2011/07/28 19:39:07 | 000,000,000 | ---D | C] -- C:\E
[2011/07/28 19:39:07 | 000,000,000 | ---D | C] -- \E
[2011/07/28 16:48:59 | 000,000,000 | ---D | C] -- C:\D
[2011/07/28 16:48:59 | 000,000,000 | ---D | C] -- \D
[2011/07/28 04:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/07/28 00:53:01 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/28 00:52:21 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2011/07/27 23:13:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Client Security Solution
[2011/07/27 23:05:02 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2011/07/25 17:59:38 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/07/25 17:59:38 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/07/25 17:59:38 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/07/25 17:59:36 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/07/25 17:59:36 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/07/25 17:59:36 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/07/25 17:59:36 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/07/25 17:59:36 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/07/25 17:59:36 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/07/25 17:59:34 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/07/25 17:59:34 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/07/25 17:59:34 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/07/25 05:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UMPlayer
[2011/07/13 23:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[2011/07/12 02:27:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\tempdir
[2011/07/12 02:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\office Convert Pdf to Jpg Jpeg Tiff Free
[2011/07/08 02:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/07/08 02:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/07/08 02:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2011/07/08 02:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/07/08 02:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/30 21:38:04 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1938627930-3945375388-280716395-1003.job
[2011/07/29 00:14:08 | 002,921,499 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.html
[2011/07/29 00:13:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 00:13:30 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/29 00:13:29 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Fmktfceupj.job
[2011/07/28 20:35:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/07/28 20:27:05 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/28 20:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/07/28 14:50:19 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/28 12:22:38 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/07/28 12:22:38 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/07/28 12:22:37 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/07/28 12:22:37 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/07/28 12:22:24 | 000,393,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/28 11:41:02 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/28 11:37:05 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/07/28 11:08:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 11:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/07/28 10:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/07/28 09:01:27 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/07/28 04:04:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/28 03:20:03 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2011/07/28 00:20:30 | 000,041,449 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2011/07/28 00:10:14 | 010,485,708 | ---- | M] () -- C:\Users\Public\Documents\Archive_AccConnAdvanced.html
[2011/07/28 00:09:38 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/07/27 23:11:33 | 000,000,965 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/27 23:04:32 | 000,069,120 | RHS- | M] () -- C:\Windows\System32\C_100216.dll
[2011/07/25 17:59:38 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/07/25 17:59:38 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2011/07/25 17:59:38 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2011/07/25 17:59:36 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2011/07/25 17:59:36 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2011/07/25 17:59:36 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011/07/25 17:59:36 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2011/07/25 17:59:36 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2011/07/25 17:59:36 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2011/07/25 17:59:34 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2011/07/25 17:59:34 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2011/07/25 17:59:34 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2011/07/25 05:21:22 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\UMPlayer.lnk
[2011/07/21 03:36:35 | 000,000,916 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/07/13 23:22:01 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/07/13 23:21:59 | 000,000,314 | ---- | M] () -- C:\Windows\primopdf.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/30 20:36:56 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1938627930-3945375388-280716395-1003.job
[2011/07/28 03:20:03 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\ErrorEND.job
[2011/07/28 00:02:44 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/28 00:02:04 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/07/27 23:31:11 | 000,113,152 | ---- | C] () -- C:\Windows\Fonts\5c810g.com_
[2011/07/27 23:11:33 | 000,000,965 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/27 23:04:40 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/07/27 23:04:39 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/07/27 23:04:39 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/07/27 23:04:39 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/07/27 23:04:38 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/07/27 23:04:38 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/07/27 23:04:36 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/07/27 23:04:35 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Fmktfceupj.job
[2011/07/27 23:04:35 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/27 23:04:32 | 000,069,120 | RHS- | C] () -- C:\Windows\System32\C_100216.dll
[2011/07/27 23:04:32 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/07/27 23:04:31 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/07/27 23:04:28 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/07/27 23:04:28 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/07/27 23:04:27 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/07/27 23:04:27 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/07/27 23:04:26 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/07/27 23:04:26 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/07/27 23:04:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/07/27 23:04:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/07/27 23:04:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/07/27 23:04:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/07/27 23:04:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/07/27 23:04:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/07/27 23:04:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/07/27 23:04:22 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/07/27 23:04:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/07/25 05:21:22 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\UMPlayer.lnk
[2011/07/14 00:11:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/07/13 23:15:10 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/07/13 23:15:09 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/07/12 02:27:04 | 001,503,232 | ---- | C] () -- C:\Windows\System32\ptj.exe
[2011/07/12 02:27:04 | 001,103,360 | ---- | C] () -- C:\Windows\System32\cidfont.dll
[2011/07/12 02:27:01 | 004,369,408 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2011/07/12 02:27:01 | 000,235,008 | ---- | C] () -- C:\Windows\System32\office.exe
[2011/07/08 02:06:57 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/08 02:06:57 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/07/08 02:06:57 | 000,088,576 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011/06/20 20:51:35 | 000,003,137 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/06/20 20:50:35 | 000,003,220 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/06/20 20:50:08 | 000,003,178 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/06/20 03:30:24 | 000,003,012 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/06/20 02:57:31 | 000,008,451 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/06/20 02:57:25 | 000,421,552 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011/06/20 02:57:25 | 000,013,275 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/29 02:33:34 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011/02/10 05:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/11/20 17:58:35 | 002,217,088 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/11/20 17:58:35 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/11/20 17:58:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/11/20 17:58:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/11/20 17:58:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/06/25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/12/31 01:36:35 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jRegistryKey.dll
[2008/12/31 01:36:35 | 000,000,321 | -HS- | C] () -- C:\Windows\System32\3929855045.sys
[2008/11/21 04:00:32 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/21 04:00:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/06 21:59:22 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/18 20:29:44 | 000,642,560 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2008/07/02 21:05:33 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/02 21:05:32 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/05/10 11:57:44 | 000,000,160 | ---- | C] () -- \routerconfig.cfg
[2008/05/10 11:57:17 | 000,000,347 | ---- | C] () -- \routerconfig3.cfg
[2008/05/10 11:53:11 | 000,002,013 | ---- | C] () -- \routerconfig1.cfg
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/18 17:45:42 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2007/12/18 17:45:42 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2007/11/19 19:42:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/11/19 18:27:29 | 000,000,020 | ---- | C] () -- C:\Windows\Hposcv07.INI
[2007/11/15 02:24:14 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2007/11/13 02:29:58 | 000,000,865 | ---- | C] () -- C:\Windows\aolback.exe.lnk
[2007/11/13 02:23:53 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/24 18:38:08 | 000,002,984 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007/10/24 18:38:08 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\C1677678EA.sys
[2007/08/24 09:37:36 | 001,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2007/08/24 09:08:53 | 000,701,840 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 09:08:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1214.dll
[2007/08/24 09:05:08 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/08/24 08:58:39 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/24 08:49:58 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/08/24 08:32:12 | 000,000,057 | ---- | C] () -- \syslevel.lgl
[2007/05/24 21:51:58 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2007/03/29 20:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/12/05 06:26:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/10 02:04:46 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/11/10 02:04:45 | 000,333,203 | RHS- | C] () -- \bootmgr
[2006/11/03 04:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 13:47:37 | 000,393,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2001/11/14 21:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/07/28 00:09:38 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/07/28 09:01:27 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/07/28 10:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/07/28 11:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/07/28 20:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/07/28 12:22:37 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/07/28 12:22:37 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/07/28 12:22:38 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/07/28 12:22:38 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/07/28 03:20:03 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2011/07/29 00:13:29 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\Fmktfceupj.job
[2011/07/28 20:35:17 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/14 21:17:57 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6926F265-C93E-47A8-ACEC-B6D7C98B3160}.job
[2011/07/28 11:41:02 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/07/28 20:27:05 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/07/28 11:37:05 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
#2
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - File not found [Auto | Stopped] -- -- (szserver)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - File not found
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - File not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - File not found
O2 - BHO: (Browser Coupons) - {513ECFF3-C9D8-421E-B216-7C9D594942EE} - C:\Program Files\Xvid\BrowserCoupons.dll (TODO: <Company name>)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - File not found
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found
O3 - HKLM\..\Toolbar: (Webblog) - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] File not found
O4 - HKLM..\Run: [apihostproxy.exe] C:\Users\Lee\AppData\Roaming\apihostproxy.exe ()
O4 - HKLM..\Run: [autoauthpage.exe] C:\Users\Lee\AppData\Roaming\autoauthpage.exe ()
O4 - HKLM..\Run: [BabylonToolbar] File not found
O4 - HKLM..\Run: [KB264824177.exe] C:\Users\Lee\AppData\Roaming\Adobe\plugs\KB264824177.exe ()
O4 - HKLM..\Run: [RDesc] File not found
O4 - HKCU..\Run: [8DDYX0ZBPZ] File not found
O4 - HKCU..\Run: [XMZH42I4GI] File not found
O4 - HKLM..\RunOnce: [*apihostproxy .exe] C:\Users\Lee\AppData\Roaming\apihostproxy .exe (iF© Systems)
[2011/07/28 00:53:01 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/27 23:31:11 | 000,113,152 | ---- | C] () -- C:\Windows\Fonts\5c810g.com_
[2011/07/27 23:04:32 | 000,069,120 | RHS- | C] () -- C:\Windows\System32\C_100216.dll
[2011/07/28 00:09:38 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/07/28 09:01:27 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/07/28 10:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/07/28 11:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/07/28 20:01:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/07/27 23:42:46 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/07/28 12:22:37 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/07/28 12:22:37 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/07/28 12:22:38 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/07/28 12:22:38 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/07/28 03:20:03 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2011/07/29 00:13:29 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\Fmktfceupj.job

:Files
C:\Windows\Tasks\*.job
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


If I got most of it you may be able to stay in regular mode. If not go back into Safe Mode with Networking.
If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Open OTL again (right click and Run As Administrator) and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Ron
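The file picks in the fix above can be reproduced from the OTL listing with a few triage rules. This is an added example, not part of RKinner's post and not OTL's own logic: the rule names, the 60-second/5-job burst threshold, the font-extension list and the `SINCE` date are assumptions, and the sample lines are copied from the log in post #1.

```python
import re
from datetime import datetime, timedelta

# One OTL file-listing line:
# [date time | size | attrs | C or M] (company) -- path   (company is absent for folders)
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
TASK_RE = re.compile(r"\\Windows\\tasks\\[^\\]+\.job$", re.I)
FONTS_RE = re.compile(r"\\Windows\\Fonts\\", re.I)
FONT_EXT_RE = re.compile(r"\.(ttf|ttc|otf|fon|ini|dat)$", re.I)  # assumed allow-list
ENVVAR_RE = re.compile(r"%[A-Za-z_]+%")  # an unexpanded variable left in a path

SINCE = datetime(2011, 7, 27)  # assumed incident start: the day the At*.job files appear

# Lines copied from the OTL log in post #1 (a subset, plus one non-file line).
SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
[2011/07/28 00:53:01 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/25 17:59:38 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2011/07/30 20:36:56 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1938627930-3945375388-280716395-1003.job
[2011/07/27 23:31:11 | 000,113,152 | ---- | C] () -- C:\Windows\Fonts\5c810g.com_
[2011/07/27 23:04:35 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Fmktfceupj.job
[2011/07/27 23:04:32 | 000,069,120 | RHS- | C] () -- C:\Windows\System32\C_100216.dll
[2011/07/27 23:04:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/07/27 23:04:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/07/27 23:04:24 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/07/27 23:04:23 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/07/27 23:04:22 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/07/27 23:04:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/07/08 02:06:57 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/31 01:36:35 | 000,000,321 | -HS- | C] () -- C:\Windows\System32\3929855045.sys
[2011/07/28 00:09:38 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At1.job
"""


def parse(lines):
    """Return one dict per file-listing line; registry (O*) lines and headers are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["company"] = (e["company"] or "").strip()
        entries.append(e)
    return entries


def task_burst(entries, min_count=5, window=timedelta(seconds=60)):
    """Largest group of scheduled-task .job files created within one window."""
    jobs = sorted(
        (e for e in entries if e["kind"] == "C" and TASK_RE.search(e["path"])),
        key=lambda e: e["ts"],
    )
    best, start = [], 0
    for end in range(len(jobs)):
        while jobs[end]["ts"] - jobs[start]["ts"] > window:
            start += 1
        if end - start + 1 > len(best):
            best = jobs[start:end + 1]
    return best if len(best) >= min_count else []


def triage(lines, since):
    """Map path -> list of rule names for created entries worth a closer look."""
    entries = parse(lines)
    burst = {e["path"].lower() for e in task_burst(entries)}
    findings = {}
    for e in entries:
        if e["kind"] != "C":
            continue
        reasons, path = [], e["path"]
        if path.lower() in burst:
            reasons.append("task-burst")
        # The remaining rules only look at unsigned-looking items from the incident window.
        if e["ts"] >= since and not e["company"]:
            if "H" in e["attrs"] and "S" in e["attrs"]:
                reasons.append("hidden-system")
            if ENVVAR_RE.search(path):
                reasons.append("literal-envvar")
            if FONTS_RE.search(path) and not FONT_EXT_RE.search(path):
                reasons.append("non-font-in-fonts")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE.splitlines(), SINCE).items():
        print(f"{', '.join(reasons):32} {path}")
```

The output is a shortlist for a human to review, not a verdict: the rules only narrow a long listing down to the entries that cluster around the same few minutes.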

#3
feldo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Cheers for all your effort Ron, and it's really appreciated. However, since running the combofix I cannot now get online to post the results; I have commandeered the daughter's lappy to post this message. When I try to open a browser I get this message: c:\program files\mozzila firefox\firefox.exe illegal operation attempted on a registry key that has been marked for deletion. Same with explorer.
I had worked through the list and have now come to an abrupt halt! Any advice on my next steps?
Regards
Lee

#4
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Just restart it and it should be OK.

#5
feldo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, I will try to attach the reports, and the button was enabled on the tdss killer.
Many thanks
Attached File: OTL.Txt (105.91KB)

#6
RKinner

    Malware Expert
You have hard drive problems:

Error - 01/08/2011 11:40:19 | Computer Name = Lee-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume SW_Preload.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

(Your drive setup is a bit strange so I expect we need to also do D: and I don't know if you can schedule two drives for the disk check at the same time or not. Try it and if it doesn't let you then go ahead and reboot and let it do C: then repeat the above for D:)

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Uninstall:
Java™ 6 Update 13
Java™ SE Runtime Environment 6
Java™ 6 Update 3
Java™ 6 Update 7
STOPzilla
Bing Bar Platform
FlashGet 3.3
Internet Download Manager

Then run OTL, Quickscan and post the log.

Ron

#7
feldo

    New Member
After rebooting, drive C still does not get scanned, drive D has been done. Also there is no command prompt in the accessories folder, is this because it is still in safe mode? Cannot log in in normal mode as keep getting error script message: winlogon exe corrupt, also have to close that message down by clicking 9 times.
Regards

#8
feldo

    New Member
Ron, I opened the command prompt in the safe mode and scanned the C disk, it would only do 78% of it though!
Below the results of the view, also the sigverif was:
syntpenh exe
rtlupd exe
skytel exe
nvcpl.chm
nvcpl.cpl
nvcpluir. dll
syntpco4.dll
No dates shown on these!

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/08/2011 23:38:22

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:47
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:43
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:43
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/08/2011 21:29:47
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/08/2011 21:30:57
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 01/08/2011 21:30:34
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom 590x 10/100 Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/08/2011 21:35:19
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/08/2011 21:36:28
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 01/08/2011 21:36:05
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom 590x 10/100 Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/08/2011 21:37:05
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CBF98790B. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 01/08/2011 21:55:42
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/08/2011 21:56:50
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 01/08/2011 22:27:00
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom 590x 10/100 Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/08/2011 22:27:22
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

#9
feldo

    New Member
Results of the VEW application below
Cheers

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/08/2011 23:49:38

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/08/2011 21:31:20
Type: Error Category: 0
Event: 1505 Source: Microsoft-Windows-User Profiles Service
Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Access is denied.

Log: 'Application' Date/Time: 01/08/2011 21:31:42
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 01/08/2011 21:36:58
Type: Error Category: 0
Event: 1505 Source: Microsoft-Windows-User Profiles Service
Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Access is denied.

Log: 'Application' Date/Time: 01/08/2011 21:37:20
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Log: 'Application' Date/Time: 01/08/2011 21:57:24
Type: Error Category: 0
Event: 1505 Source: Microsoft-Windows-User Profiles Service
Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Access is denied.

Log: 'Application' Date/Time: 01/08/2011 22:27:47
Type: Error Category: 0
Event: 1505 Source: Microsoft-Windows-User Profiles Service
Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Access is denied.

Log: 'Application' Date/Time: 01/08/2011 22:28:09
Type: Error Category: 16
Event: 4609 Source: Microsoft-Windows-EventSystem
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/08/2011 21:29:45
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:29:45
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:29:45
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> failed a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:31:20
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:34:18
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}', feature 'SAVMain', component '{9A96A023-9BD4-463F-889B-51CAF4084E24}' failed. The resource 'C:\Program Files\Symantec AntiVirus\VPTray.exe' does not exist.

Log: 'Application' Date/Time: 01/08/2011 21:34:18
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}', feature 'SAVUI' failed during request for component '{0ABF6425-272D-4795-9BD8-F2428110EC95}'

Log: 'Application' Date/Time: 01/08/2011 21:34:18
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 01/08/2011 21:35:17
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:35:18
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:35:18
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> failed a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:36:58
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:55:39
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:55:40
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:55:40
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> failed a notification event.

Log: 'Application' Date/Time: 01/08/2011 21:57:24
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 22:27:47
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/08/2011 22:36:26
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}', feature 'SAVMain', component '{9A96A023-9BD4-463F-889B-51CAF4084E24}' failed. The resource 'C:\Program Files\Symantec AntiVirus\VPTray.exe' does not exist.

Log: 'Application' Date/Time: 01/08/2011 22:36:26
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}', feature 'SAVUI' failed during request for component '{0ABF6425-272D-4795-9BD8-F2428110EC95}'

Log: 'Application' Date/Time: 01/08/2011 22:36:26
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

#10
feldo

    New Member
Still working down your list Ron, can't uninstall anything as windows installer not functioning;

the OTL log below. cheers


#11
RKinner

    Malware Expert
Still getting these:

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Is the C: drive the one called SW_Preload?

I'd try chkdsk again. Sometimes you get lucky but it may be time to save all of your data and get ready to replace the drive.

Ron
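
Collapsing a pasted VEW report into one line per distinct event makes a repeating fault such as the Ntfs event 55 stand out from the noise; this is an added example, not part of the thread and not code from VEW. The names `parse_vew` and `summarise` and the sample text are constructed for illustration and assume the four-line record layout seen in the logs above.

```python
import re
from datetime import datetime

# Constructed sample in the VEW report layout shown in this thread (shortened;
# records are out of time order and the last one is deliberately cut off).
SAMPLE = """\
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/08/2011 21:30:44
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:45
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

Log: 'System' Date/Time: 01/08/2011 21:29:47
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume SW_Preload.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/08/2011 21:31:20
Type: Error Category: 0
Event: 1505 Source: Microsoft-Windows-User Profiles Service
Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Access is denied.

Log: 'Application' Date/Time: 01/08/2011 21:31:42
Type: Error Category: 16
"""

# One complete record: Log/Date line, Type line, Event/Source line, message line.
RECORD = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: \d+[ \t]*\n"
    r"Event: (?P<id>\d+) Source: (?P<src>[^\n]+?)[ \t]*\n"
    r"(?P<msg>[^\n]*)",
    re.MULTILINE,
)


def parse_vew(text):
    """Return a dict per complete record; cut-off records never match and are skipped."""
    events = []
    for m in RECORD.finditer(text.replace("\r\n", "\n")):
        events.append({
            "log": m["log"],
            # The report says dates are dd/mm/yyyy, so parse that order explicitly.
            "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
            "type": m["type"],
            "event_id": int(m["id"]),
            "source": m["src"],
            "message": m["msg"].strip(),
        })
    return events


def summarise(events):
    """Collapse repeats into (log, type, event id, source) -> count, first, last."""
    groups = {}
    for e in events:
        key = (e["log"], e["type"], e["event_id"], e["source"])
        g = groups.setdefault(key, {"count": 0, "first": e["time"],
                                    "last": e["time"], "message": e["message"]})
        g["count"] += 1
        g["first"] = min(g["first"], e["time"])
        g["last"] = max(g["last"], e["time"])
    # Most frequent first; ties go to whichever started earliest.
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[1]["first"]))


if __name__ == "__main__":
    for (log, typ, eid, src), g in summarise(parse_vew(SAMPLE)):
        print(f"{g['count']}x {log}/{typ} event {eid} ({src}), "
              f"{g['first']:%d/%m/%Y %H:%M:%S} to {g['last']:%H:%M:%S}")
        print(f"    {g['message']}")
```

Comparing the first and last times of the top group before and after a chkdsk pass shows whether the repair stopped the errors or they are still being logged.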