Spoolsv Malware Problem?


  • This topic is locked

#1
chapinwales

  • Member
  • 22 posts
The problem is with ‘spoolsv’ preventing printing.
Running the ‘sfc/scannow’ utility, after starting the spoolsv service cures the problem until re-booting when printing is not available again.
What makes me think it may be some form of infection is on boot the ‘spoolsv.exe’ service is 43 KB in size with a signature being Phoenix Technologies – after running ‘sfc/scannow’ (printing now available) ‘spoolsv.exe’ is now 545 KB with the signature being Microsoft.
I have run AVG anti-virus, Malwarebytes, Spybot S & D and Norton internet security and nothing has been found. I have also reinstalled Windows but with no success.
I don’t think it is a printer problem (HP Photosmart S4280) since I still have the problem after uninstalling with Microsoft Fax and XPS Document Writer (they disappear from the Devices & Printer screen).
The PC is a Dell Laptop Studio 1555 running Windows 7 64 bit.
The log below was made after booting with Phoenix spoolsv in place.
Any help would be greatly appreciated.


OTL logfile created on: 11/08/2011 11:46:02 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Moira\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.14% Memory free
7.93 Gb Paging File | 6.09 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 414.16 Gb Free Space | 91.82% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MOIRA-PC | User Name: Moira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 11:53:31 | 000,053,312 | ---- | M] () -- C:\Windows\chsync.exe
PRC - [2011/08/11 11:44:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Moira\Downloads\OTL.exe
PRC - [2011/08/08 12:51:23 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2009/07/09 19:21:32 | 000,166,912 | ---- | M] (Ericsson AB) -- C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 11:44:52 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Moira\Downloads\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/29 12:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/25 18:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/06 13:20:40 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 09:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 22:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 22:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 22:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 22:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 12:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/26 12:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/25 08:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 07:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 07:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 07:20:48 | 000,113,168 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2011/08/06 13:23:40 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110810.037\EX64.SYS -- (NAVEX15)
DRV - [2011/08/06 13:23:40 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/08/06 13:23:40 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/06 13:23:40 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20110810.037\ENG64.SYS -- (NAVENG)
DRV - [2011/08/05 15:58:54 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110810.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/23 00:32:12 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110723.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 CB D6 51 0D 4D CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\IPSFFPlgn\ [2011/08/06 13:25:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\coFFPlgn_2011_7_0_8 [2011/08/11 10:54:11 | 000,000,000 | ---D | M]

[2011/07/31 21:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moira\AppData\Roaming\Mozilla\Extensions
File not found (No name found) --

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20110728095328 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 09:48:29 | 000,000,000 | ---D | C] -- C:\Users\Moira\Desktop\New folder
[2011/08/07 15:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/06 15:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/08/06 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/08/06 15:11:51 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\NPE
[2011/08/06 13:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/08/06 13:21:28 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\Symantec
[2011/08/06 13:20:40 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/06 13:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/08/06 13:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/06 13:20:18 | 000,912,504 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA64.sys
[2011/08/06 13:20:18 | 000,744,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys
[2011/08/06 13:20:18 | 000,450,680 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS64.sys
[2011/08/06 13:20:18 | 000,386,168 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys
[2011/08/06 13:20:18 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Ironx64.sys
[2011/08/06 13:20:18 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys
[2011/08/06 13:20:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011/08/06 13:20:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D
[2011/08/06 13:20:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/08/06 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/08/06 13:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/08/06 13:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/08/06 13:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/08/02 14:58:46 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\TidyView
[2011/08/01 21:52:42 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\WirelessManager
[2011/08/01 21:49:24 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\BVRP Software
[2011/08/01 21:46:39 | 012,151,808 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011/08/01 21:46:39 | 003,593,216 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/08/01 21:46:39 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2011/08/01 21:46:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011/08/01 21:46:04 | 001,431,040 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/08/01 21:46:04 | 000,598,016 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/08/01 21:46:04 | 000,487,424 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/08/01 21:46:04 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/08/01 21:46:04 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646217.dll
[2011/08/01 21:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/08/01 20:43:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011/08/01 20:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/08/01 20:43:24 | 000,000,000 | ---D | C] -- C:\Intel
[2011/08/01 20:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011/08/01 20:36:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
[2011/08/01 20:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/08/01 20:28:53 | 000,000,000 | ---D | C] -- C:\dell
[2011/08/01 19:41:26 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\ATI
[2011/08/01 19:41:26 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\ATI
[2011/08/01 19:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/08/01 19:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/08/01 19:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/08/01 19:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/08/01 19:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/08/01 19:37:52 | 000,113,168 | ---- | C] (ATI Research Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2011/08/01 19:37:51 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/08/01 19:37:51 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/08/01 19:37:50 | 000,420,352 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/08/01 19:37:50 | 000,203,264 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/08/01 19:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/08/01 19:25:13 | 000,272,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/08/01 19:25:13 | 000,260,904 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/08/01 19:25:13 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/08/01 19:25:13 | 000,203,560 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/08/01 19:25:13 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/08/01 19:25:13 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2011/08/01 19:25:13 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/08/01 19:25:12 | 000,395,048 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/08/01 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\Broadcom
[2011/08/01 19:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/08/01 19:02:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/01 18:41:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/01 18:40:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/01 18:22:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vmm32
[2011/08/01 18:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2011/07/31 21:24:08 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\Mozilla
[2011/07/31 21:24:07 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\Thunderbird
[2011/07/31 21:24:07 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\Thunderbird
[2011/07/31 13:57:57 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\Microsoft Games
[2011/07/30 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Moira\Desktop\Emergency
[2011/07/30 11:48:07 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\FUJIFILM
[2011/07/30 10:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011/07/30 10:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/07/30 08:48:06 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/07/30 08:47:39 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/07/28 21:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/07/28 21:20:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/07/28 21:20:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/07/28 21:02:55 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\PCDr
[2011/07/28 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\Conduit
[2011/07/28 19:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinePixViewer
[2011/07/28 19:49:26 | 000,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\SysWow64\FFRafShellEx.dll
[2011/07/28 19:49:25 | 000,274,432 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\SysWow64\FFTIFF16.dll
[2011/07/28 19:49:24 | 000,155,648 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\SysWow64\FFRAFLIB.DLL
[2011/07/28 19:49:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/07/28 19:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinePixViewer
[2011/07/28 19:48:49 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\InstallShield
[2011/07/28 19:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2011/07/28 19:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011/07/28 19:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2011/07/28 19:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/07/28 19:37:42 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/07/28 19:37:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2011/07/28 19:27:58 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\MigWiz
[2011/07/28 19:06:25 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\Diagnostics
[2011/07/28 13:26:42 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\ElevatedDiagnostics
[2011/07/28 12:58:14 | 000,000,000 | R--D | C] -- C:\Users\Moira\Documents\Scanned Documents
[2011/07/28 12:58:07 | 000,000,000 | R--D | C] -- C:\Users\Moira\Documents\My Stationery
[2011/07/28 12:58:07 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\restore
[2011/07/28 12:58:07 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\Red Legends ___files
[2011/07/28 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\IncrediMail Transferred Data
[2011/07/28 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\Home insurance
[2011/07/28 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\Fax
[2011/07/28 12:58:00 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\Dell WebCam Central
[2011/07/28 12:57:59 | 000,000,000 | ---D | C] -- C:\Users\Moira\Documents\Bluetooth Exchange Folder
[2011/07/28 11:36:03 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\AVG10
[2011/07/28 11:31:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/07/28 11:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/07/28 11:30:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/07/28 11:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/07/28 11:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/07/28 11:13:33 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\Macromedia
[2011/07/28 11:13:32 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\Adobe
[2011/07/28 11:13:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/07/28 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\IM
[2011/07/28 11:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2011/07/28 11:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2011/07/28 11:04:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/07/28 10:56:07 | 000,000,000 | R--D | C] -- C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/07/28 10:56:07 | 000,000,000 | R--D | C] -- C:\Users\Moira\Searches
[2011/07/28 10:56:07 | 000,000,000 | R--D | C] -- C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/28 10:56:06 | 000,000,000 | -H-D | C] -- C:\Users\Moira\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/07/28 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\Identities
[2011/07/28 10:55:56 | 000,000,000 | R--D | C] -- C:\Users\Moira\Contacts
[2011/07/28 10:55:54 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\VirtualStore
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\AppData\Local\Temporary Internet Files
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Templates
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Start Menu
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\SendTo
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Recent
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\PrintHood
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\NetHood
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Documents\My Videos
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Documents\My Pictures
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Documents\My Music
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\My Documents
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Local Settings
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\AppData\Local\History
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Cookies
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\Application Data
[2011/07/28 10:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Moira\AppData\Local\Application Data
[2011/07/28 10:55:47 | 000,000,000 | --SD | C] -- C:\Users\Moira\AppData\Roaming\Microsoft
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Videos
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Saved Games
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Pictures
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Music
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Links
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Favorites
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Downloads
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Documents
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\Desktop
[2011/07/28 10:55:47 | 000,000,000 | R--D | C] -- C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/07/28 10:55:47 | 000,000,000 | -H-D | C] -- C:\Users\Moira\AppData
[2011/07/28 10:55:47 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\Temp
[2011/07/28 10:55:47 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Local\Microsoft
[2011/07/28 10:55:47 | 000,000,000 | ---D | C] -- C:\Users\Moira\AppData\Roaming\Media Center Programs
[2011/07/28 10:55:38 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/07/28 10:55:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/07/28 10:39:02 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/07/28 10:38:26 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/08/11 11:53:31 | 000,053,312 | ---- | M] () -- C:\Windows\chsync.exe
[2011/08/11 11:01:15 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 11:01:14 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 11:00:47 | 001,623,780 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/08/11 10:59:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/11 10:59:51 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/11 10:59:51 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/11 10:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/11 10:53:46 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/08 13:58:20 | 000,001,437 | ---- | M] () -- C:\Users\Moira\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/08 13:53:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/08 13:53:51 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/08 12:35:06 | 000,053,312 | ---- | M] () -- C:\Windows\chsyncBM.exe
[2011/08/07 16:52:56 | 000,006,002 | ---- | M] () -- C:\Users\Moira\Documents\cc_20110807_165248.reg
[2011/08/07 15:38:44 | 000,040,872 | ---- | M] () -- C:\Users\Moira\Documents\cc_20110807_153835.reg
[2011/08/06 15:58:19 | 000,001,264 | ---- | M] () -- C:\Users\Moira\Desktop\Revo Uninstaller.lnk
[2011/08/06 13:20:40 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/08/06 13:20:40 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/06 13:20:40 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/06 13:20:34 | 000,002,561 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/08/02 14:21:58 | 000,402,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/01 20:36:03 | 000,898,624 | ---- | M] () -- C:\Windows\SysNative\oem17.inf
[2011/08/01 19:26:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/01 19:23:00 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/07/28 19:49:44 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\FinePixViewer.lnk
[2011/07/28 19:49:44 | 000,001,955 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2011/07/28 19:44:49 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/07/28 19:44:38 | 000,001,999 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/07/28 19:22:20 | 000,001,076 | ---- | M] () -- C:\Users\Moira\Desktop\Pictures - Shortcut.lnk
[2011/07/28 19:22:14 | 000,001,079 | ---- | M] () -- C:\Users\Moira\Desktop\Documents - Shortcut.lnk
[2011/07/28 19:22:08 | 000,000,355 | ---- | M] () -- C:\Users\Moira\Desktop\Computer - Shortcut.lnk
[2011/07/28 11:06:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 10:56:11 | 000,001,443 | ---- | M] () -- C:\Users\Moira\Desktop\Internet Explorer.lnk
[2011/07/28 10:41:43 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/07/28 10:41:43 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/07/28 10:40:30 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/07/20 17:02:30 | 000,286,411 | ---- | M] () -- C:\Users\Moira\Documents\usb
[2011/07/20 00:35:26 | 000,002,011 | ---- | M] () -- C:\Users\Moira\Desktop\HP Photosmart C4200 series (Copy 1) - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/08/11 11:53:31 | 000,053,312 | ---- | C] () -- C:\Windows\chsync.exe
[2011/08/08 13:58:16 | 000,001,443 | ---- | C] () -- C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/08 13:53:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/08 13:53:51 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/08 12:35:06 | 000,053,312 | ---- | C] () -- C:\Windows\chsyncBM.exe
[2011/08/07 16:52:51 | 000,006,002 | ---- | C] () -- C:\Users\Moira\Documents\cc_20110807_165248.reg
[2011/08/07 15:38:39 | 000,040,872 | ---- | C] () -- C:\Users\Moira\Documents\cc_20110807_153835.reg
[2011/08/06 15:58:19 | 000,001,264 | ---- | C] () -- C:\Users\Moira\Desktop\Revo Uninstaller.lnk
[2011/08/06 13:20:43 | 001,623,780 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/08/06 13:20:40 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/08/06 13:20:40 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/08/06 13:20:34 | 000,002,561 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/08/06 13:20:18 | 000,000,000 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS64.cat
[2011/08/06 13:20:12 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA.inf
[2011/08/06 13:20:12 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymDS.inf
[2011/08/06 13:20:12 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymNet.inf
[2011/08/06 13:20:12 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.inf
[2011/08/06 13:20:12 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.inf
[2011/08/06 13:20:12 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Iron.inf
[2011/08/06 13:20:03 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.cat
[2011/08/06 13:20:03 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.cat
[2011/08/06 13:20:03 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\SymEFA64.cat
[2011/08/06 13:20:03 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet64.cat
[2011/08/06 13:20:03 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.cat
[2011/08/06 13:20:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011/08/01 20:36:09 | 000,898,624 | ---- | C] () -- C:\Windows\SysNative\oem17.inf
[2011/08/01 20:35:33 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2011/08/01 20:35:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\bcmwlrmt.dll
[2011/08/01 20:35:32 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2011/08/01 20:35:32 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
[2011/08/01 19:26:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/08/01 19:22:03 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/07/30 15:35:53 | 000,002,011 | ---- | C] () -- C:\Users\Moira\Desktop\HP Photosmart C4200 series (Copy 1) - Shortcut.lnk
[2011/07/30 08:49:19 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/07/30 08:47:14 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/07/30 08:46:59 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/07/30 08:46:59 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/07/30 08:46:41 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/07/28 19:49:44 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\FinePixViewer.lnk
[2011/07/28 19:49:44 | 000,001,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk
[2011/07/28 19:44:38 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Publisher.lnk
[2011/07/28 19:40:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/28 19:40:26 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2011/07/28 19:40:26 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2011/07/28 19:40:26 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/07/28 19:40:26 | 000,001,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/07/28 19:40:25 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2011/07/28 19:40:25 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2011/07/28 19:40:25 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2011/07/28 19:37:14 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2011/07/28 19:22:20 | 000,001,076 | ---- | C] () -- C:\Users\Moira\Desktop\Pictures - Shortcut.lnk
[2011/07/28 19:22:14 | 000,001,079 | ---- | C] () -- C:\Users\Moira\Desktop\Documents - Shortcut.lnk
[2011/07/28 19:22:08 | 000,000,355 | ---- | C] () -- C:\Users\Moira\Desktop\Computer - Shortcut.lnk
[2011/07/28 12:58:15 | 000,618,015 | ---- | C] () -- C:\Users\Moira\Documents\pool results 001.jpg
[2011/07/28 12:58:15 | 000,286,411 | ---- | C] () -- C:\Users\Moira\Documents\usb
[2011/07/28 12:58:15 | 000,272,685 | ---- | C] () -- C:\Users\Moira\Documents\Your-TV-Licence.pdf
[2011/07/28 12:58:15 | 000,043,384 | ---- | C] () -- C:\Users\Moira\Documents\snakeurs-1.jpg
[2011/07/28 12:58:15 | 000,041,456 | ---- | C] () -- C:\Users\Moira\Documents\Picture 008.jpg
[2011/07/28 12:58:14 | 000,044,684 | ---- | C] () -- C:\Users\Moira\Documents\arrangements_en.pdf
[2011/07/28 12:58:14 | 000,043,757 | ---- | C] () -- C:\Users\Moira\Documents\halloween 2014.jpg
[2011/07/28 12:58:14 | 000,032,985 | ---- | C] () -- C:\Users\Moira\Documents\for Moira.jpg
[2011/07/28 12:58:14 | 000,027,407 | ---- | C] () -- C:\Users\Moira\Documents\halloween 2015.jpg
[2011/07/28 12:58:14 | 000,011,558 | ---- | C] () -- C:\Users\Moira\Documents\60777768.pdf
[2011/07/28 11:06:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/07/28 11:01:24 | 000,001,437 | ---- | C] () -- C:\Users\Moira\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/28 10:56:11 | 000,001,409 | ---- | C] () -- C:\Users\Moira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/07/28 10:56:08 | 000,001,443 | ---- | C] () -- C:\Users\Moira\Desktop\Internet Explorer.lnk
[2011/07/28 10:55:47 | 000,000,290 | ---- | C] () -- C:\Users\Moira\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/07/28 10:55:47 | 000,000,272 | ---- | C] () -- C:\Users\Moira\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/07/28 10:41:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/07/28 10:41:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/07/28 10:40:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/28 10:38:25 | 3193,585,664 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/28 11:36:03 | 000,000,000 | ---D | M] -- C:\Users\Moira\AppData\Roaming\AVG10
[2011/07/30 11:48:09 | 000,000,000 | ---D | M] -- C:\Users\Moira\AppData\Roaming\FUJIFILM
[2011/07/28 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Moira\AppData\Roaming\PCDr
[2011/07/31 21:24:07 | 000,000,000 | ---D | M] -- C:\Users\Moira\AppData\Roaming\Thunderbird
[2011/08/06 16:14:20 | 000,000,000 | ---D | M] -- C:\Users\Moira\AppData\Roaming\TidyView
[2011/08/01 21:52:44 | 000,000,000 | ---D | M] -- C:\Users\Moira\AppData\Roaming\WirelessManager
[2009/07/14 06:08:49 | 000,011,278 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 11/08/2011 11:46:02 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Moira\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.14% Memory free
7.93 Gb Paging File | 6.09 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 414.16 Gb Free Space | 91.82% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.45 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MOIRA-PC | User Name: Moira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files (x86)\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files (x86)\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.4
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"NIS" = Norton Internet Security
"Revo Uninstaller" = Revo Uninstaller 1.92

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/08/2011 14:01:06 | Computer Name = Moira-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/08/2011 14:01:11 | Computer Name = Moira-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/08/2011 14:03:55 | Computer Name = Moira-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/08/2011 14:03:55 | Computer Name = Moira-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\IncrediMail\Bin\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/08/2011 14:04:24 | Computer Name = Moira-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 01/08/2011 14:17:42 | Computer Name = Moira-PC | Source = ESENT | ID = 215
Description = WinMail (636) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 01/08/2011 16:49:24 | Computer Name = Moira-PC | Source = System Restore | ID = 8193
Description =

Error - 04/08/2011 09:17:27 | Computer Name = Moira-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17625,
time stamp: 0x4de88429 Exception code: 0xc0000002 Fault offset: 0x000000000000cacd
Faulting
process id: 0x740 Faulting application start time: 0x01cc52a2031fcb5c Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 18fc050c-be9c-11e0-b3f2-0026b91f1748

Error - 06/08/2011 08:58:24 | Computer Name = Moira-PC | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 10.1.1.16 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: be8 Start
Time: 01cc543409f01cae Termination Time: 47 Application Path: C:\Program Files (x86)\Norton
Internet Security\Engine\18.6.0.29\ccSvcHst.exe Report Id: b7add36a-c02b-11e0-b94b-0026b91f1748


Error - 08/08/2011 07:07:12 | Computer Name = Moira-PC | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6217.0, time
stamp: 0x4a49023f Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c8f9 Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting
process id: 0x3e8 Faulting application start time: 0x01cc55bb4c901dae Faulting application
path: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 904a0a23-c1ae-11e0-adff-0026b91f1748

[ System Events ]
Error - 08/08/2011 07:47:22 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7000
Description = The Spooler service failed to start due to the following error: %%1053

Error - 08/08/2011 07:51:32 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spooler
service to connect.

Error - 08/08/2011 07:51:32 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7000
Description = The Spooler service failed to start due to the following error: %%1053

Error - 08/08/2011 08:37:17 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spooler
service to connect.

Error - 08/08/2011 08:37:17 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7000
Description = The Spooler service failed to start due to the following error: %%1053

Error - 08/08/2011 08:57:02 | Computer Name = Moira-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 08/08/2011 08:57:13 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spooler
service to connect.

Error - 08/08/2011 08:57:13 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7000
Description = The Spooler service failed to start due to the following error: %%1053

Error - 11/08/2011 05:54:05 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spooler
service to connect.

Error - 11/08/2011 05:54:05 | Computer Name = Moira-PC | Source = Service Control Manager | ID = 7000
Description = The Spooler service failed to start due to the following error: %%1053


< End of report >
  • 0



#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi and welcome to Geeks to Go. :unsure:

I do not think you may actually have any Malware related problems that are the root cause to be honest, more so since you stated you have performed some form of Operating System reinstall. However I see no harm checking on your behalf Malware is not the culprit to err on the side of caution as I am not omnipotent and only going from the OTL logs your good self posted.

If not Malware related I can refer to a specific IT Support/Tech area of the forum OK. :)

Download/run Unhide:

Please download unhide.exe to your desktop.

  • Right-click unhide.exe and select Run as Administrator to run application.
  • Be patient whilst it runs and click on OK at the prompt.
TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
    Note: The free trial offered for the Protection Module is optional.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...Click on Scan now

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes' Anti-Malware Log.
  • ESET Log.

  • 0

#3
chapinwales

chapinwales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks Dakeyras, your help is really appreciated

Problem is exactly the same – on boot the Phoenix spoolsv (43KB) is the .exe file, with the old Microsoft spoolsv now spoolsv.exe.org. Reinstating the Microsoft spoolsv as the .exe file and printing is available until re-booting.

The files requested are shown below – looks like there is no virus/malware as you thought!
_____________________________________________

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7485

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

17/08/2011 14:02:52
mbam-log-2011-08-17 (14-02-52).txt

Scan type: Quick scan
Objects scanned: 180701
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
__________________________________________________-

ESET Log

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=41217
esets_scanner_update returned -1 esets_gle=12
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=52c1b000f72b5744aa34eec5002d30c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-17 02:20:48
# local_time=2011-08-17 03:20:48 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 1739777 1739777 0 0
# compatibility_mode=3588 16777214 85 79 1234 17481587 0 0
# compatibility_mode=5893 16776573 100 94 4619 66053831 0 0
# compatibility_mode=8192 67108863 100 0 757 757 0 0
# scanned=106823
# found=0
# cleaned=0
# scan_time=2067
  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thanks Dakeyras, your help is really appreciated

You're welcome!

Problem is exactly the same

OK, I carried out some further research into this particular issue and let's see if the below will rectify it as follows...

Windows 7 - System File Checker:

You may require your Windows 7 DVD for the below. If prompted insert the Windows 7 DVD into the Optical Drive.

  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.
Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

Next:

Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> Right-click on Windows Explorer and select Run as Administrator

Now click C:\ >> Windows >> System32 >> and navigate to spoolsv.exe

Now right-click on spoolsv.exe and select Properties >> next to Attributes select Read-only >> click on Apply >> OK

Reboot your machine and let myself know if still the same issue, thank you.
  • 0

#5
chapinwales

chapinwales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks Dakeyras

Did exactly as suggested but the result is the same. The read only .exe file is now the .exe.org file with a smaller 43KB corrupted Phoenix spoolsv file.

I have tried variations of this before with almost no luck. I say ‘almost’ since on one occasion by deleting the 43KB spoolsv file then renaming the spoolsv.exe.org file to spoolsv.exe the problem disappeared for about 6 boots then it came back. I can’t seem to be able to replicate this.

Very confusing!

Thanks again for your interest.
  • 0
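The symptom reported in this thread (a 43 KB spoolsv.exe attributed to Phoenix Technologies after boot, a 545 KB Microsoft one after sfc /scannow, and a spoolsv.exe.org left beside it) can be recorded on each boot and compared. The PowerShell below is an added example, not part of any post in the thread; the function names and output fields are assumptions chosen for illustration.

```powershell
# Added example: snapshot the spooler binary so that two boots can be compared.
# Function names and output fields are illustrative, not taken from the thread.
function Get-SpoolerBinarySnapshot {
    param([string]$Path = "$env:SystemRoot\System32\spoolsv.exe")

    $file = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # SHA-256 through .NET so this also runs on the PowerShell 2.0 shipped with Windows 7.
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
    $hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''

    # Renamed copies next to the binary, such as the spoolsv.exe.org described above.
    $siblings = Get-ChildItem -LiteralPath $file.DirectoryName -Filter 'spoolsv.exe*' -Force |
        Where-Object { $_.Name -ne $file.Name } |
        ForEach-Object { '{0} ({1} bytes)' -f $_.Name, $_.Length }

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Older PowerShell releases do not check catalog signatures, so a genuine
    # system file can report NotSigned there; read the fields together.
    New-Object PSObject -Property @{
        Taken         = Get-Date
        Path          = $file.FullName
        SizeBytes     = $file.Length
        LastWrite     = $file.LastWriteTime
        Company       = $file.VersionInfo.CompanyName
        FileVersion   = $file.VersionInfo.FileVersion
        SigStatus     = $sig.Status
        Signer        = $signer
        SHA256        = $hash
        RenamedCopies = ($siblings -join '; ')
    }
}

# Spooler start failures logged by the Service Control Manager: IDs 7000 and 7009,
# the same IDs that appear under [ System Events ] in the OTL log in the first post.
function Get-SpoolerStartFailures {
    param([int]$Days = 14)

    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7000, 7009
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Spooler' } |
        Select-Object TimeCreated, Id, Message
}

# Run from an elevated 64-bit PowerShell (a 32-bit host is redirected to SysWOW64),
# once right after boot and once after sfc /scannow, then compare the two outputs.
Get-SpoolerBinarySnapshot | Format-List
Get-SpoolerStartFailures | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

A change in SizeBytes, Company, SHA256 or LastWrite between the two runs, lined up against the timestamps of the 7000/7009 events, shows at which boot the file was replaced.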

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

OK please download this Microsoft Fixit >> Right-click on MicrosoftFixit.printing.Run and select Run as Administrator then follow the prompts.

If still a problem I'll refer your good self to the appropriate IT support area of the forum.
  • 0

#7
chapinwales

chapinwales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Sorry Dakeyras, still the same problem. The Microsoft FixIt just tells me spooler is not running (with the corrupted spoolsv version) or everything is ok with the un-corrupted version - nothing new.

Afraid we are no further forward.
  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

OK I think it best to refer you as mentioned as primarily both myself and this part of the forum only provide Anti-Malware support. So create a new topic in this part of the forum:-

Windows Vista™ and Windows 7™

By all means mention I advised seeking further assistance with this matter and include this topic's URL if you so wish:-

http://www.geekstogo.com/forum/topic/305785-soolsv-malware-problem/page__pid__2047009#entry2047009
Next:

Apart from the ongoing printer related problem your machine appears to be malware free.

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Reset SR Points/Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, Norton Internet Security, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not good luck with the printer issue and stay safe!
  • 0

#9
chapinwales

chapinwales

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks for all your efforts and time spent on my problem and your good advice. This is the first time I have used geeks to go! but I am so far very impressed.
Thanks
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
You're welcome! :)
  • 0

#11
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears not to be Malware related ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





