
System Restore window "PC Performance & Stability analysis rep


  • This topic is locked

#91
maezhou

    Member

  • Topic Starter
  • 152 posts
IE9 needs Service Pack 2.

I tried to install SP2, but I got the screen "Some changes could not be completed. Reverting changes. Will retry on startup. Do not turn off your computer":
SP2_SomeChangesCouldNotBeCompleted.jpg

Then it restarted and it tried to install SP2 again, but I got the screen "Service Pack did not install. Reverting changes. Do not turn off your computer":
ServicePackDidNotInstall.jpg

The computer restarted after that, and I got this screen once Windows was back:
SP2_unsuccessful_install.gif

I checked ERROR_SHARING_VIOLATION (0x80070020) on this page:
http://support.microsoft.com/kb/883825

Should I do Method 2? Or do you have any other suggestion instead?

Edited by maezhou, 09 November 2011 - 05:25 AM.


#92
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Start from this part: "Method 2: Start the computer in safe mode with network support, and then install the updates" (Windows Vista, Windows Server 2008, or Windows 7). If that should fail, then use the clean boot option, Method 3.

#93
maezhou

    Member

  • Topic Starter
  • 152 posts
Did Method 2, but Windows Update isn't working in my Windows Vista Safe Mode.
So I tried Method 3, but it still didn't work. Still getting the same error updating to Service Pack 2.

And now, I'm getting this error every restart:
AfterSafeMode_RunnerError.gif
I just click on [OK] to make it go away.

I think trying to update to SP2 made things worse.
I'm now getting the blue screen every 15-30 minutes or so :)
I think I'm getting the blue screen whenever my Webroot antivirus and spyware is trying to scan a corrupted file.

I tried to get a screenshot and open my Photoshop, but can't successfully open Photoshop and I get this error while opening it:
Photoshp_exe_corrupt_file.jpg

I tried to do a regular restart (been a while since I did a regular restart since I've always been getting the blue screen). But I still get the CHKDSK screen upon restart:
Chkdsk.jpg

And when it restarted, I got this balloon popup msg:
Failed2Connect2aWindowService.jpg


:yes:

Edited by maezhou, 10 November 2011 - 04:37 AM.


#94
maezhou

    Member

  • Topic Starter
  • 152 posts
OK. I tried to go back to Method 3 for trying to update SP1 to SP2.
And reverted everything in msconfig.exe (compared it to another laptop using Windows Vista).
And did a restart.

I'm still getting this once windows is up:
AfterSafeMode_RunnerError.gif

Tried to open several programs, including Photoshop. They're working fine.
I'm not encountering that IE error now. Not sure though if it's because the machine hasn't stayed on for long (since I've always been getting the blue screen).

And then tried to do a scan with Webroot antivirus and spyware. And I got the blue screen again after a few minutes.

Edited by maezhou, 10 November 2011 - 12:16 PM.


#95
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Uninstall Logitech Messenger from your system and the first message should now disappear.

Could you now run another OTL for me please and let me know the current state of play.

#96
maezhou

    Member

  • Topic Starter
  • 152 posts
I uninstalled Logitech using the Programs and Features' uninstall.
Then restarted the machine. But the Runner error popup is still there.
So I just manually removed LogitechDesktopMessenger from the startup (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup).
And that did it. I no longer get the popup after restart.

I ran the OTL choosing Scan All Users (see log below).
And then ran the Webroot antivirus. I didn't get the blue screen this time, but the scanning froze midway and the system froze as well, so I had to reboot.

Here's the OTL log:

OTL logfile created on: 11/10/2011 3:54:06 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.65% Memory free
4.22 Gb Paging File | 3.10 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 35.78 Gb Free Space | 20.06% Space Free | Partition Type: NTFS

Computer Name: BULLETS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 08:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/09/08 17:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/09/08 17:37:13 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2011/08/24 17:28:48 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/01 10:19:14 | 000,628,072 | ---- | M] (Nortel Networks) -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/03 05:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:33:39 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/10/30 03:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/10/12 15:29:56 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2007/10/10 15:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/20 09:23:16 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2007/09/20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/09/19 10:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/08/28 15:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 15:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 19:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 19:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 07:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/08 04:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 04:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 04:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/04/03 17:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/03 20:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 13:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 17:37:24 | 002,557,952 | ---- | M] () -- C:\Program Files\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2011/07/27 21:44:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/29 02:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/01/19 02:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/07/27 10:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2008/07/27 10:03:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2007/10/30 03:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/09/19 04:19:58 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/08 17:37:19 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/24 17:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/12/28 00:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/01 10:19:14 | 000,628,072 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/03 02:45:04 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/28 20:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 11:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 17:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 15:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 15:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 19:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 00:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 07:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 07:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/10/23 18:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\68522918.sys -- (68522918)
DRV - [2011/10/23 13:17:10 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzi1odu0.sys -- (uzi1odu0)
DRV - [2011/10/22 11:54:16 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/11 09:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/07/11 09:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2011/07/11 09:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2010/03/01 09:52:50 | 000,068,688 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV - [2010/03/01 09:52:46 | 000,040,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ntnvca.sys -- (NT_NvcA)
DRV - [2008/08/18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/09/19 12:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 04:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/18 19:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 17:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/08 04:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 04:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 16:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/01 23:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2005/11/02 03:23:08 | 000,014,464 | R--- | M] (©NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found


IE - HKU\.DEFAULT\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = globalsources.com;www2.variety.com;*.local;<local>
IE - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.sg.globalsources.com:3333

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 18:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 22:49:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/19 14:24:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/26 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/11/07 18:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions
[2010/03/25 21:17:18 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 18:27:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/10 18:59:25 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/06/19 13:46:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/30 22:57:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/15 19:00:20 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/10/10 21:33:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/12/14 05:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/01/08 08:08:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/26 20:29:44 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/11/07 18:03:41 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2010/11/15 08:37:36 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\d7hqvm9f.default\extensions\[email protected]
[2011/03/21 14:28:02 | 000,000,921 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\searchplugins\conduit.xml
[2011/11/08 20:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D7HQVM9F.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 18:16:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/12/17 05:57:53 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2011/09/08 20:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 19:01:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 18:16:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/10 14:58:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NVC] C:\Program Files\Nortel\Nortel VPN Client\Nvc.exe (Nortel Networks)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: d-addicts.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([bugzero] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([exchange] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([merlion] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: globalsources.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: google.com ([mail] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: variety.com ([www2] http in Trusted sites)
O15 - HKU\S-1-5-21-2528014064-590018410-3601204245-1000\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D043B09-6D04-416F-98FD-37C14266FA88}: DhcpNameServer = 10.35.28.28 10.35.28.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.35.28.28,10.71.20.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBA58C74-8DE1-4E19-A4C4-10380F461B9D}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\Windows\System32\mdhcp32.dll ()
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O30 - LSA: Security Packages - (410-3601204245-1000) - File not found
O30 - LSA: Security Packages - (Ḯ&) - File not found
O30 - LSA: Security Packages - (䥬) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 00:25:02 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/11/08 23:43:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/11/08 12:57:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/11/06 10:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
[2011/11/05 09:19:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/05 09:14:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/05 07:48:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/03 21:19:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/11/03 19:53:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/03 19:53:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/03 19:53:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/23 14:45:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/23 09:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/23 09:10:11 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/22 18:50:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\system malfunction screenshots
[2011/10/22 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/10/22 13:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 13:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/22 13:43:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/22 13:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/22 13:29:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/22 13:20:12 | 004,283,735 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/10/22 13:17:24 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 08:37:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 01:23:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2011/10/21 23:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/12 19:51:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Training Lessons

========== Files - Modified Within 30 Days ==========

[2011/11/10 16:10:18 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
[2011/11/10 16:07:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 15:54:20 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/10 15:54:20 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/10 15:47:50 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 15:47:50 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 15:47:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 15:47:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 15:47:31 | 2137,427,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 15:45:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
[2011/11/10 14:58:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/10 09:55:36 | 228,935,968 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/09 17:52:33 | 000,064,000 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 14:38:00 | 000,006,324 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/11/09 14:20:54 | 000,028,160 | ---- | M] () -- C:\Windows\System32\dll.dll
[2011/11/09 14:20:54 | 000,000,016 | ---- | M] () -- C:\Windows\System32\crt.dat
[2011/11/09 14:20:49 | 000,295,042 | ---- | M] () -- C:\Windows\System32\shimg.dll
[2011/11/09 14:20:46 | 000,050,688 | ---- | M] () -- C:\Windows\System32\mdhcp32.dll
[2011/11/09 01:24:44 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
[2011/11/08 18:56:32 | 000,657,920 | ---- | M] () -- C:\Users\Owner\Desktop\MicrosoftFixit50461.msi
[2011/11/08 11:18:04 | 000,158,756 | ---- | M] () -- C:\Users\Owner\Desktop\Portal Integration_adp_changeInfo
[2011/11/08 11:06:01 | 000,002,557 | ---- | M] () -- C:\Users\Owner\Desktop\RSA SecurID Software Token.lnk
[2011/11/07 22:50:27 | 000,003,656 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2011/11/07 17:44:25 | 000,001,768 | ---- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/11/06 10:40:50 | 000,000,939 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/11/05 07:46:39 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/10/23 18:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\68522918.sys
[2011/10/23 13:17:10 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/22 13:17:32 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/22 11:54:16 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 09:47:05 | 000,684,297 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/22 08:32:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/10/22 01:23:47 | 000,001,111 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/10/15 00:50:49 | 000,001,614 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/13 18:42:18 | 000,875,022 | ---- | M] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg

========== Files Created - No Company Name ==========

[2011/11/09 17:10:15 | 000,002,565 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2011/11/09 17:10:15 | 000,002,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/11/09 17:10:15 | 000,002,256 | ---- | C] () -- C:\Users\Owner\Desktop\Logitech Desktop Messenger.lnk
[2011/11/09 17:10:15 | 000,001,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/09 17:10:15 | 000,001,111 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/11/09 17:10:15 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
[2011/11/09 17:10:15 | 000,000,582 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
[2011/11/09 14:43:37 | 2137,427,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/09 14:20:54 | 000,028,160 | ---- | C] () -- C:\Windows\System32\dll.dll
[2011/11/09 14:20:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\crt.dat
[2011/11/09 14:20:49 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2011/11/09 14:20:46 | 000,050,688 | ---- | C] () -- C:\Windows\System32\mdhcp32.dll
[2011/11/08 18:55:48 | 000,657,920 | ---- | C] () -- C:\Users\Owner\Desktop\MicrosoftFixit50461.msi
[2011/11/08 11:18:04 | 000,158,756 | ---- | C] () -- C:\Users\Owner\Desktop\Portal Integration_adp_changeInfo
[2011/11/07 22:50:27 | 000,003,656 | -HS- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
[2011/11/07 22:50:23 | 000,005,224 | -HS- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneNote Table Of Contents.onetoc2
[2011/11/06 10:40:50 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2011/11/03 19:53:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/03 19:53:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/03 19:53:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/03 19:53:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/03 19:53:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/03 19:30:23 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/11/03 19:21:44 | 000,000,944 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/23 13:17:10 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzi1odu0.sys
[2011/10/22 10:20:35 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Nortel VPN Client.lnk
[2011/10/22 10:20:35 | 000,001,081 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ZoomBrowser EX.lnk
[2011/10/22 10:20:34 | 000,002,821 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero BurnLite 10.lnk
[2011/10/22 10:20:34 | 000,002,004 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/22 10:20:34 | 000,001,854 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari 4.lnk
[2011/10/22 10:20:34 | 000,001,844 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\MP Navigator EX - MP210 Solution Menu.lnk
[2011/10/22 10:20:34 | 000,001,790 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/22 10:20:34 | 000,001,726 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/10/22 10:20:34 | 000,001,724 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/22 10:20:34 | 000,001,664 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/10/22 10:20:34 | 000,001,643 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2011/10/22 10:20:34 | 000,001,614 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/10/22 10:20:34 | 000,000,943 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/22 10:20:34 | 000,000,939 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Trend Micro AntiVirus.lnk
[2011/10/22 10:20:34 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/10/22 10:20:34 | 000,000,871 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TMPGEnc.exe - Shortcut.lnk
[2011/10/22 10:20:34 | 000,000,842 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2011/10/22 10:20:34 | 000,000,823 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2011/10/22 10:20:34 | 000,000,796 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\TextPad.lnk
[2011/10/22 10:20:34 | 000,000,258 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/22 10:20:34 | 000,000,240 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/22 10:20:33 | 000,002,305 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/22 10:20:33 | 000,002,221 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro Photo X2.lnk
[2011/10/22 10:20:33 | 000,001,883 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Chikka Messenger v.4.lnk
[2011/10/22 10:20:33 | 000,000,967 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop 6.0.lnk
[2011/10/22 10:20:33 | 000,000,806 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\bsplay.exe - Shortcut.lnk
[2011/10/22 10:20:33 | 000,000,804 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\BitComet.lnk
[2011/10/22 10:20:33 | 000,000,798 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ExamDiff.lnk
[2011/10/22 10:20:33 | 000,000,778 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Core FTP Lite.lnk
[2011/10/22 10:20:33 | 000,000,765 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CDex.exe - Shortcut.lnk
[2011/10/22 10:20:33 | 000,000,629 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CASETOOL.EXE - Shortcut.lnk
[2011/10/22 10:19:39 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/22 09:46:56 | 000,684,297 | ---- | C] () -- C:\Users\Owner\Desktop\unhide.exe
[2011/10/13 18:42:15 | 000,875,022 | ---- | C] () -- C:\Users\Owner\Desktop\Learn CSS3 From A - Z- Getting Started With Layouts_1318560125613.jpeg
[2011/07/26 23:11:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\{29526623-9FE2-4B87-8260-01B1C7EB7782}
[2010/12/24 05:37:05 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/12/24 05:37:05 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2009/12/27 02:14:23 | 000,017,451 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\TempResizeJpeg.JPG
[2009/10/08 19:03:34 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/18 23:43:28 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/15 20:01:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/15 20:01:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/06 21:12:57 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/05/04 08:29:22 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/12 10:45:29 | 000,006,324 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/02/28 19:26:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008/02/28 16:33:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/21 13:38:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/02/21 13:38:01 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/21 13:38:01 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/02/21 13:38:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 13:37:55 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/18 19:13:38 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\287DA63AB7.sys
[2008/02/18 19:13:36 | 000,003,608 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/02/17 21:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/16 23:26:23 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2008/02/16 23:23:15 | 000,777,728 | ---- | C] () -- C:\Windows\System32\Sslsvc.dll
[2008/02/16 23:23:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/02/16 23:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2008/02/16 23:23:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/02/16 23:23:01 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2008/02/16 23:23:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2008/02/15 16:12:52 | 000,064,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/15 02:55:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/15 02:53:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/10/31 10:45:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/10/31 09:56:19 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/10/30 19:28:59 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/10/30 19:28:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/10/30 19:28:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 001,684,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/07 22:40:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BitComet
[2011/11/06 10:46:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer
[2008/02/21 13:02:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BSplayer Pro
[2009/10/11 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2010/09/19 21:40:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CoreFTP
[2010/04/10 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2008/03/23 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Helios
[2008/07/21 19:17:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InterVideo
[2010/08/15 15:55:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Notepad++
[2009/02/28 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2008/10/06 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2009/10/08 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2008/02/27 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/11/10 15:46:47 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/10 16:10:18 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Lovers in Paris NGs.avi:TOC.WMV

< End of report >

Edited by maezhou, 11 November 2011 - 04:00 AM.


#97
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Webroot has the antivirus component - is that correct?

If so, could you uninstall Webroot and then re-install a fresh copy please? Do you experience the same problem with MBAM?

I will remove some of the drivers I have placed on your system.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/10/23 18:43:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\68522918.sys -- (68522918)
    DRV - [2011/10/23 13:17:10 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzi1odu0.sys -- (uzi1odu0)
    DRV - [2011/10/22 11:54:16 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
    IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
    O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\Windows\System32\mdhcp32.dll ()

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#98
maezhou


    Member

  • Topic Starter
  • Member
  • 152 posts
Yes, that's correct. Webroot has an antivirus component.

I tried running MBAM and it encountered the same problem.
Scanning froze and then after a couple of minutes, I got the blue screen.
So it's not the Webroot, right? Do I still have to uninstall Webroot and install it again?
I was able to take a shot where MBAM scanning froze (to see which file it's scanning), before I got the blue screen:
MBAM_scan_freeze.jpg


After rebooting, I ran OTL with the notes on Custom Scans/Fixes.

Here's the content of 11112011_172123.txt file (not OTL.txt file):

All processes killed
========== OTL ==========
Error: Unable to stop service 68522918!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\68522918 deleted successfully.
C:\Windows\System32\drivers\68522918.sys moved successfully.
Error: Unable to stop service uzi1odu0!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uzi1odu0 deleted successfully.
C:\Windows\System32\drivers\uzi1odu0.sys moved successfully.
Service TrueSight stopped successfully!
Service TrueSight deleted successfully!
C:\Windows\System32\drivers\TrueSight.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32\ deleted successfully.
C:\Windows\System32\mdhcp32.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 8486469 bytes
->Temporary Internet Files folder emptied: 69580839 bytes
->Java cache emptied: 24019 bytes
->FireFox cache emptied: 46700971 bytes
->Google Chrome cache emptied: 7235446 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 11915 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2704799 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 11112011_172123

Files\Folders moved on Reboot...
File\Folder C:\Users\Owner\AppData\Local\Temp\fla69EA.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF7AB4.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DF7ACC.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFB6BB.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFB8C6.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFD071.tmp not found!
File\Folder C:\Users\Owner\AppData\Local\Temp\~DFDD68.tmp not found!
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6EY7SW7\gossipcenter[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6EY7SW7\index[1].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6EY7SW7\panelAd[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6EY7SW7\redirect_v93_cim_11_15_6[1].html moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6EY7SW7\sandbox[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1B700DN\afr[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1B700DN\comments[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1B700DN\gossipcenter[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1B700DN\login_status[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W1B700DN\statstracker[4].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPM2RQO0\gossipcenter[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPM2RQO0\jstags[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPM2RQO0\like[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPM2RQO0\like[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPM2RQO0\reviews[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPM2RQO0\video_gallery[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2QDMQYC\247130[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2QDMQYC\gossipcenter[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2QDMQYC\gossipcenter[2].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2QDMQYC\gossipcenter[3].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2QDMQYC\like[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2QDMQYC\sandbox[7].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2QDMQYC\sh68[1].html moved successfully.

Registry entries deleted on Reboot...

Edited by maezhou, 11 November 2011 - 07:42 PM.
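
The driver section of the fix log in the post above can be checked mechanically rather than by eye. The following Python is an added example, not part of the original thread or of OTL; its function names are hypothetical, and it assumes each driver's .sys file name matches its service name, as it does in this log.

```python
import re
from collections import defaultdict

# Driver lines copied from the "========== OTL ==========" section of the fix log above.
FIX_LOG = r"""Error: Unable to stop service 68522918!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\68522918 deleted successfully.
C:\Windows\System32\drivers\68522918.sys moved successfully.
Error: Unable to stop service uzi1odu0!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uzi1odu0 deleted successfully.
C:\Windows\System32\drivers\uzi1odu0.sys moved successfully.
Service TrueSight stopped successfully!
Service TrueSight deleted successfully!
C:\Windows\System32\drivers\TrueSight.sys moved successfully.
"""

# Assumption: the .sys file stem equals the service name (true for this log).
STOP_FAIL = re.compile(r"^Error: Unable to stop service (\S+)!$")
STOP_OK = re.compile(r"^Service (\S+) stopped successfully!$")
SVC_DEL = re.compile(r"^Service (\S+) deleted successfully!$")
KEY_DEL = re.compile(r"^Registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet"
                     r"\\Services\\([^\\]+) deleted successfully\.$")
FILE_MOVED = re.compile(r"^.*\\drivers\\([^\\]+)\.sys moved successfully\.$", re.I)

def summarize(log_text):
    """Return {service: {'stopped', 'unregistered', 'file_moved'}} per driver."""
    state = defaultdict(lambda: {"stopped": None, "unregistered": False, "file_moved": False})
    for line in map(str.strip, log_text.splitlines()):
        if m := STOP_FAIL.match(line):
            state[m.group(1)]["stopped"] = False
        elif m := STOP_OK.match(line):
            state[m.group(1)]["stopped"] = True
        elif (m := SVC_DEL.match(line)) or (m := KEY_DEL.match(line)):
            state[m.group(1)]["unregistered"] = True
        elif m := FILE_MOVED.match(line):
            state[m.group(1)]["file_moved"] = True
    return dict(state)

def needs_reboot(summary):
    """Drivers that could not be stopped stay loaded until the next boot."""
    return sorted(n for n, s in summary.items() if s["stopped"] is False)

def incomplete(summary):
    """Drivers whose service entry or driver file survived the fix."""
    return sorted(n for n, s in summary.items()
                  if not (s["unregistered"] and s["file_moved"]))

if __name__ == "__main__":
    result = summarize(FIX_LOG)
    print("loaded until reboot:", needs_reboot(result), "| not removed:", incomplete(result))
```

For this log, both drivers that could not be stopped had their service keys deleted and files moved, so they will not load again after the reboot that the fix script requests.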


#99
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, uninstall Webroot please, using the uninstall tool from here.
Don't forget to make a note of the licence number.

Once fully uninstalled, run MBAM prior to reinstalling Webroot.

#100
maezhou


    Member

  • Topic Starter
  • Member
  • 152 posts
Oops, I've reinstalled Webroot without running MBAM first.


#101
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem. Is MBAM still freezing now?

#102
maezhou


    Member

  • Topic Starter
  • Member
  • 152 posts
Yes, MBAM froze and I got a BSOD again :)

Once Windows was back after rebooting, I got this prompt:
Unauthorizedchange_2_window.gif

I clicked on Learn more and it gave me the Windows Validation page for error C004D401:
http://www.microsoft...kError=C004D401

I'll try to run the ErrorRepair_file.exe repair utility that I got from this page:
http://www.wiki-erro...wiki=0xC004D401

Edited by maezhou, 12 November 2011 - 03:16 PM.


#103
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A better idea would be to run the sfc utility from Windows.

Go to Start > All Programs > Accessories
Right-click Command Prompt and select Run as administrator
In the box that opens, type the following:

Sfc /scannow

Once it has finished, reboot and try MBAM again please.

#104
maezhou


    Member

  • Topic Starter
  • Member
  • 152 posts
Here's MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8143

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

11/12/2011 2:18:05 PM
mbam-log-2011-11-12 (14-18-05).txt

Scan type: Quick scan
Objects scanned: 173969
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6F553C18-15E6-4E5E-8F44-ADD50DE754ED} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\downupdater.exe (Adware.CWS) -> Quarantined and deleted successfully.
c:\Windows\downloaded program files\nowstarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
c:\Windows\System32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.

#105
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is it behaving now?