Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sudden slowdown + Can't open WindowsLive One Care & many other

Started by Malcontented , Jan 05 2010 04:35 PM

  • This topic is locked This topic is locked

#1
Malcontented
Posted 05 January 2010 - 04:35 PM

Malcontented

    Member

  • Member
  • PipPip
  • 14 posts
Hello Geeks,

I have an HP laptop (HP Pavilion dv6700 Notebook PC) running Windows Vista Home Premium. It has recently experienced a sudden slowdown and inability to open certain key programs. I discovered this on 1st January when many of the start up programs didn't load. Most notably, I am unable to open my anti-virus Windows Live One Care, or WinPatrol... I first tried a system restore but that only seemed to make matters worse as i could then only boot up in safe mode (with networking if i wanted access to the internet). So, I have worked through your Malware cleaning guide but unfortunately have had no real success. The TFC and ERUNT worked fine but the Malwarebytes' Anti-Malware found nothing. I also ran 'SpyBot - Search and Destroy' and that found nothing. The GMER Rootkit Scanner only caused the system to crash to the blue screen of death and on rebooting i got the following error report:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82051D45
BCP3: A0A3BA54
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini010210-01.dmp
C:\Users\Alasdair\AppData\Local\Temp\WER-72618-0.sysdata.xml
C:\Users\Alasdair\AppData\Local\Temp\WER6853.tmp.version.txt

Read our privacy statement:
http://go.microsoft....mp;clcid=0x0409




I went on though, and I did manage to get an OTL Log:


OTL logfile created on: 02/01/2010 21:08:38 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.38 Gb Total Space | 26.17 Gb Free Space | 11.82% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 2.06 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 240.23 Mb Total Space | 88.80 Mb Free Space | 36.97% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALASDAIR-PC
Current User Name: Alasdair
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/25 17:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/09 16:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2009/12/25 17:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2009/07/09 11:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/09 16:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/05/26 15:14:56 | 00,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 21:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/01 02:34:54 | 00,271,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/10/01 02:34:54 | 00,112,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/08/23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/23 23:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 14:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/04/23 10:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/03/05 17:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 10:25:30 | 00,272,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 23:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2004/10/22 11:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/05/26 15:09:42 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/05/15 15:15:16 | 00,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2007/12/06 20:40:14 | 00,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/27 21:45:00 | 00,091,200 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/27 21:44:54 | 00,037,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/09/19 20:05:00 | 07,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/15 08:50:56 | 00,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/09 22:12:28 | 00,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 17:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 14:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 11:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 11:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 11:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/19 00:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/07 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/04/23 12:54:50 | 00,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 12:54:50 | 00,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 12:54:48 | 00,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 12:54:48 | 00,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 12:54:46 | 00,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/03/22 05:02:04 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/07 02:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 21:42:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 21:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 23:40:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 09:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:54 | 00,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/11/02 07:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 07:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/19 02:10:57 | 01,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/18 23:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.bbc.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.podcastfr...le.com/podcast/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/12/19 12:34:02 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\Mozilla\Firefox\extensions
[2009/12/19 12:34:02 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Alasdair\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (302817 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10437 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/26 03:07:32 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 15:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{db97434d-b303-11dd-baa8-001e687c5479}\Shell - "" = AutoRun
O33 - MountPoints2\{db97434d-b303-11dd-baa8-001e687c5479}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/21 02:33:58 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/02 20:04:05 | 00,000,000 | ---D | C] -- C:\Users\Alasdair\Documents\Laptop problem
[2010/01/02 20:01:12 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/02 19:21:44 | 00,000,000 | ---D | C] -- C:\Users\Alasdair\AppData\Roaming\Malwarebytes
[2010/01/02 19:21:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/02 19:21:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/02 19:21:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/02 19:21:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 19:20:50 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/02 19:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/26 12:15:58 | 00,000,000 | ---D | C] -- C:\Users\Alasdair\AppData\Local\Scansoft
[2009/12/25 18:36:08 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2009/12/25 18:35:55 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/12/25 18:35:30 | 00,000,000 | ---D | C] -- C:\Users\Alasdair\AppData\Roaming\Nuance
[2009/12/25 18:31:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2009/12/25 18:31:26 | 00,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2009/12/25 18:31:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2009/12/25 18:30:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2009/12/25 18:30:15 | 00,000,000 | ---D | C] -- C:\Program Files\Nuance
[2009/12/19 12:34:02 | 00,000,000 | ---D | C] -- C:\Users\Alasdair\AppData\Roaming\Mozilla
[2009/12/19 12:34:00 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/12/11 11:28:20 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/11 11:28:13 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/10 09:19:43 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/10 09:19:43 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/10 09:19:43 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/10 09:19:43 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/10 09:19:43 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/10 09:19:42 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/10 09:19:42 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/10 09:19:42 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/10 09:19:42 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/10 09:19:41 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/10 09:19:41 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/10 09:19:41 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/10 09:19:41 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/10 09:19:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/10 09:19:19 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

========== Files - Modified Within 30 Days ==========

[2010/01/02 21:08:55 | 06,029,312 | -HS- | M] () -- C:\Users\Alasdair\ntuser.dat
[2010/01/02 21:05:10 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/02 21:05:10 | 00,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/02 21:05:10 | 00,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/02 20:56:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/02 20:56:33 | 13,311,0596 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/02 19:39:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/02 19:39:23 | 00,524,288 | -HS- | M] () -- C:\Users\Alasdair\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/02 19:39:23 | 00,065,536 | -HS- | M] () -- C:\Users\Alasdair\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/02 19:37:43 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 19:37:43 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/02 19:32:00 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55439AD0-1BFC-4C4F-8F49-D0BE83FC42AA}.job
[2010/01/02 19:21:44 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/02 19:19:37 | 00,000,733 | ---- | M] () -- C:\Users\Alasdair\Desktop\NTREGOPT.lnk
[2010/01/02 19:19:37 | 00,000,714 | ---- | M] () -- C:\Users\Alasdair\Desktop\ERUNT.lnk
[2010/01/01 13:57:48 | 00,027,620 | ---- | M] () -- C:\Users\Alasdair\AppData\Roaming\nvModes.001
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/27 11:39:17 | 00,002,355 | ---- | M] () -- C:\Users\Alasdair\AppData\Roaming\SAS7_000.DAT
[2009/12/26 12:14:48 | 00,000,520 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2009/12/26 12:14:48 | 00,000,496 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2009/12/26 12:14:48 | 00,000,412 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
[2009/12/25 18:35:00 | 00,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2009/12/22 09:52:45 | 00,073,216 | ---- | M] () -- C:\Users\Alasdair\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Users\Alasdair\Desktop\gmer.exe
[2009/12/11 11:00:42 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAlasdair.job

========== Files Created - No Company Name ==========

[2010/01/02 20:01:01 | 13,311,0596 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/02 19:58:28 | 00,293,376 | ---- | C] () -- C:\Users\Alasdair\Desktop\gmer.exe
[2010/01/02 19:21:44 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/02 19:19:37 | 00,000,733 | ---- | C] () -- C:\Users\Alasdair\Desktop\NTREGOPT.lnk
[2010/01/02 19:19:37 | 00,000,714 | ---- | C] () -- C:\Users\Alasdair\Desktop\ERUNT.lnk
[2009/12/25 20:14:48 | 00,002,355 | ---- | C] () -- C:\Users\Alasdair\AppData\Roaming\SAS7_000.DAT
[2009/12/25 20:13:50 | 00,000,412 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Data Collection.job
[2009/12/25 20:12:49 | 00,000,520 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
[2009/12/25 20:12:48 | 00,000,496 | ---- | C] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
[2009/12/25 18:35:00 | 00,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2009/09/23 22:37:54 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/19 21:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 21:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/31 20:07:30 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/31 14:16:34 | 00,027,620 | ---- | C] () -- C:\Users\Alasdair\AppData\Roaming\nvModes.001
[2008/08/31 11:35:11 | 00,000,680 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\d3d9caps.dat
[2008/08/31 10:39:39 | 00,027,620 | ---- | C] () -- C:\Users\Alasdair\AppData\Roaming\nvModes.dat
[2008/08/30 17:56:56 | 00,073,216 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 11:58:54 | 00,000,000 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\QSwitch.txt
[2008/08/30 11:58:54 | 00,000,000 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\DSwitch.txt
[2008/08/30 11:58:54 | 00,000,000 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\AtStart.txt
[2008/06/11 10:12:24 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 22:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
< End of report >



This is the Extras part:


OTL Extras logfile created on: 02/01/2010 21:08:38 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.38 Gb Total Space | 26.17 Gb Free Space | 11.82% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 2.06 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 240.23 Mb Total Space | 88.80 Mb Free Space | 36.97% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALASDAIR-PC
Current User Name: Alasdair
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16C9654E-4F6B-41C6-ADD6-95342C6702AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1725AC81-DAFE-411C-9A6E-1DBE01CFD94A}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{737F2031-5A7D-43B4-9ED1-90FFA2F12A36}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{D9910694-F6FD-46FD-8532-450C342DBB8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F0A2C5B5-8EEC-45D4-B72D-93B05DCA6EAF}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0016D94D-7285-439F-A87C-95145C18B1BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{06AC152F-A960-4C57-AB6F-73C06523D004}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{106F96DD-ABAD-46A3-BAC0-563DEFD77B54}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1B2CBF05-6CC5-46DB-BBBA-E89912F4C7DE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{26574878-9140-4255-9EF0-B304EFCC3405}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2AAC860C-AA35-4345-83EE-6E6508EA36D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41006EC0-2016-44E2-8CE1-3999049534DA}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{5A8EFD8C-8B01-4CCD-9E8F-10B0991A306D}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{6638D450-0D95-444B-92B6-0F456F25B802}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6DA45CD6-C4A5-4994-BE6A-C2DE9DB1F0B7}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{701D4DD7-528F-4033-85E5-BFBF6A49FFF2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{777B38CC-091F-45EE-8EA3-ED1DB15DAE94}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{807D741F-5E9A-4648-A39B-4C477B64F247}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{83BC555F-DDC1-438B-88E9-99797003222A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{84BFCFFE-3C11-4CB9-B573-303619295854}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{9086639F-75E9-45D0-A3A4-C681CA3BD478}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{91DCC603-0F14-437C-A3BA-FE39482118C4}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{92A3022C-FC42-4E81-9E76-C74B511EF722}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{93B1141F-476C-49F4-BAB8-21721E2EDFD5}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{97C6BB2B-C65C-4A7E-B30F-821B5DF710EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9F0468B8-E6CF-4BCF-9C8A-69F838101986}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A4BF62A2-840A-4CE4-B536-B12244929FE6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AB3DCA8A-56D4-43B7-A040-20CE14098FCC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C756066A-E76C-454B-9DA4-48AC31A8FD1F}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{EB8100D3-7DCE-4EC0-9D42-0A13B3D67BE7}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{F780C07A-4E3F-4DC7-8121-890F532B5290}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43FC6F81-97E8-45D1-89F3-5E87FE066AE5}" = Mindjet MindManager Pro 6
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"4oD" = 4oD
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ask Toolbar_is1" = Ask Toolbar
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iDump" = iDump (Backing up your iPod)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PeerGuardian_is1" = PeerGuardian 2.0
"RealPlayer 6.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WildTangent hp Master Uninstall" = My HP Games
"WinPatrol" = WinPatrol 2008
"WinSS" = Windows Live OneCare

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/01/2010 00:00:54 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 00:09:28 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 00:09:28 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 00:09:28 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 00:09:28 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 01:09:17 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 01:09:17 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 01:09:25 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01/01/2010 01:09:25 | Computer Name = Alasdair-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 02/01/2010 11:24:52 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 02/01/2010 17:03:57 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 02/01/2010 17:04:00 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 02/01/2010 17:04:00 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 02/01/2010 17:04:00 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 02/01/2010 17:04:00 | Computer Name = Alasdair-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02/01/2010 17:04:00 | Computer Name = Alasdair-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02/01/2010 17:04:33 | Computer Name = Alasdair-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 02/01/2010 17:04:35 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 02/01/2010 17:04:36 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 02/01/2010 17:04:36 | Computer Name = Alasdair-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >


Well, since then I haven't done anything else. Although, the laptop booted up into normal mode today but is still experiencing the problem. I can't open Virgin Wireless Manager so if i want the internet for updates or anything it can only be had in 'safe mode with networking'.
I don't have any reason to believe this is a hardware issue. The laptop was working fine the night before. So i am assuming i've come under siege somehow... Please help!

Cheers,

Malcontented
  • 0

Advertisements

#2
jwang01
Posted 09 January 2010 - 02:38 PM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Hello Malcontented and and welcome to Geeks To Go. :)

I am jwang01 and I will be assisting you with your issue.


Sorry about the delay.


When we get to working on your computer you may want to print out or save my respones in notepad because there may be times were you will not be able to access them here.

Also, please don't attach your logs unless asked, as they can make them hard to read. Just post them as a reply.




Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2008/08/31 20:07:30 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




Next



Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the "Healing/Quarantine and Advanced System Analysis" check box.
    Posted Image
  • Click on the “Execute selected scripts”.
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
    Posted Image
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post



Please post the log of OTL and attach both AVZ logs in your next reply.
  • 0

#3
Malcontented
Posted 10 January 2010 - 07:43 AM

Malcontented

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello jwang01,

Thank you so much for helping me.


Attached File  virusinfo_syscheck.zip   117.9KB   191 downloadsAttached File  virusinfo_syscure.zip   120.54KB   188 downloads

Here's the OTL log:

OTL logfile created on: 10/01/2010 12:26:17 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Alasdair\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.38 Gb Total Space | 26.37 Gb Free Space | 11.91% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 2.06 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 240.23 Mb Total Space | 82.62 Mb Free Space | 34.39% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALASDAIR-PC
Current User Name: Alasdair
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/25 17:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Alasdair\Desktop\OTL.exe
PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/09 16:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2009/12/25 17:17:58 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Alasdair\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:15:38 | 01,139,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2009/07/09 11:15:32 | 00,026,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 06:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/09 16:05:22 | 00,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/05/26 15:14:56 | 00,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 21:45:02 | 00,869,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/01 02:34:54 | 00,271,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/10/01 02:34:54 | 00,112,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/08/23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/23 23:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 14:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/04/23 10:22:14 | 03,068,352 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/03/05 17:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 10:25:30 | 00,272,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 23:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2004/10/22 11:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.bbc.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.podcastfr...le.com/podcast/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/12/19 12:34:02 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\Mozilla\Firefox\extensions
[2009/12/19 12:34:02 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Alasdair\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: (302817 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10437 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/26 03:07:32 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 15:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{db97434d-b303-11dd-baa8-001e687c5479}\Shell - "" = AutoRun
O33 - MountPoints2\{db97434d-b303-11dd-baa8-001e687c5479}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/10 12:12:23 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/10 12:10:38 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Alasdair\Desktop\OTL.exe
[2010/01/02 20:04:05 | 00,000,000 | ---D | C] -- C:\Users\Alasdair\Documents\Laptop problem
[2010/01/02 19:21:44 | 00,000,000 | ---D | C] -- C:\Users\Alasdair\AppData\Roaming\Malwarebytes
[2010/01/02 19:21:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/02 19:21:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 19:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

========== Files - Modified Within 14 Days ==========

[2010/01/10 12:23:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/10 12:17:26 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/10 12:17:00 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55439AD0-1BFC-4C4F-8F49-D0BE83FC42AA}.job
[2010/01/10 12:16:51 | 06,029,312 | -HS- | M] () -- C:\Users\Alasdair\ntuser.dat
[2010/01/10 12:16:51 | 00,524,288 | -HS- | M] () -- C:\Users\Alasdair\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/10 12:16:51 | 00,065,536 | -HS- | M] () -- C:\Users\Alasdair\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/10 12:14:14 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 12:14:14 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 12:09:54 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/10 12:09:54 | 00,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/10 12:09:54 | 00,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/09 18:19:25 | 01,535,943 | -H-- | M] () -- C:\Users\Alasdair\AppData\Local\IconCache.db
[2010/01/03 13:28:01 | 00,001,356 | ---- | M] () -- C:\Users\Alasdair\AppData\Local\d3d9caps.dat
[2010/01/01 13:57:48 | 00,027,620 | ---- | M] () -- C:\Users\Alasdair\AppData\Roaming\nvModes.001

========== Files Created - No Company Name ==========

[2009/12/25 20:14:48 | 00,002,355 | ---- | C] () -- C:\Users\Alasdair\AppData\Roaming\SAS7_000.DAT
[2009/09/23 22:37:54 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/09/19 21:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 21:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/08/31 14:16:34 | 00,027,620 | ---- | C] () -- C:\Users\Alasdair\AppData\Roaming\nvModes.001
[2008/08/31 11:35:11 | 00,001,356 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\d3d9caps.dat
[2008/08/31 10:39:39 | 00,027,620 | ---- | C] () -- C:\Users\Alasdair\AppData\Roaming\nvModes.dat
[2008/08/30 17:56:56 | 00,073,216 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/30 11:58:54 | 00,000,000 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\QSwitch.txt
[2008/08/30 11:58:54 | 00,000,000 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\DSwitch.txt
[2008/08/30 11:58:54 | 00,000,000 | ---- | C] () -- C:\Users\Alasdair\AppData\Local\AtStart.txt
[2008/06/11 10:12:24 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 22:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/12/22 02:04:46 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\Azureus
[2009/12/25 18:35:30 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\Nuance
[2008/09/05 10:37:51 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\ourTunes
[2009/12/31 18:27:53 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\Spotify
[2008/08/30 15:40:55 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\WildTangent
[2008/12/14 14:56:11 | 00,000,000 | ---D | M] -- C:\Users\Alasdair\AppData\Roaming\WinPatrol
[2009/12/26 12:14:48 | 00,000,496 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2009/12/26 12:14:48 | 00,000,412 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Data Collection.job
[2009/12/26 12:14:48 | 00,000,520 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
[2010/01/10 12:17:26 | 00,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/10 12:17:00 | 00,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{55439AD0-1BFC-4C4F-8F49-D0BE83FC42AA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
< End of report >



Here's the Extras part:


OTL Extras logfile created on: 10/01/2010 12:26:17 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Alasdair\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.38 Gb Total Space | 26.37 Gb Free Space | 11.91% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 2.06 Gb Free Space | 17.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 240.23 Mb Total Space | 82.62 Mb Free Space | 34.39% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALASDAIR-PC
Current User Name: Alasdair
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16C9654E-4F6B-41C6-ADD6-95342C6702AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{76F5BC69-7A8B-4FA2-BB27-A1DE7DB90948}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{D0DE5F60-9921-4704-8E34-251B81A1E120}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{D9910694-F6FD-46FD-8532-450C342DBB8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F0A2C5B5-8EEC-45D4-B72D-93B05DCA6EAF}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0016D94D-7285-439F-A87C-95145C18B1BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{06AC152F-A960-4C57-AB6F-73C06523D004}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{106F96DD-ABAD-46A3-BAC0-563DEFD77B54}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1B2CBF05-6CC5-46DB-BBBA-E89912F4C7DE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{26574878-9140-4255-9EF0-B304EFCC3405}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2AAC860C-AA35-4345-83EE-6E6508EA36D4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41006EC0-2016-44E2-8CE1-3999049534DA}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{5A8EFD8C-8B01-4CCD-9E8F-10B0991A306D}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{6638D450-0D95-444B-92B6-0F456F25B802}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{6DA45CD6-C4A5-4994-BE6A-C2DE9DB1F0B7}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{701D4DD7-528F-4033-85E5-BFBF6A49FFF2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{777B38CC-091F-45EE-8EA3-ED1DB15DAE94}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{807D741F-5E9A-4648-A39B-4C477B64F247}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{83BC555F-DDC1-438B-88E9-99797003222A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{84BFCFFE-3C11-4CB9-B573-303619295854}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{9086639F-75E9-45D0-A3A4-C681CA3BD478}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{91DCC603-0F14-437C-A3BA-FE39482118C4}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{92A3022C-FC42-4E81-9E76-C74B511EF722}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{93B1141F-476C-49F4-BAB8-21721E2EDFD5}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{97C6BB2B-C65C-4A7E-B30F-821B5DF710EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9F0468B8-E6CF-4BCF-9C8A-69F838101986}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A4BF62A2-840A-4CE4-B536-B12244929FE6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AB3DCA8A-56D4-43B7-A040-20CE14098FCC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C756066A-E76C-454B-9DA4-48AC31A8FD1F}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{EB8100D3-7DCE-4EC0-9D42-0A13B3D67BE7}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{F780C07A-4E3F-4DC7-8121-890F532B5290}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43FC6F81-97E8-45D1-89F3-5E87FE066AE5}" = Mindjet MindManager Pro 6
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.28
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.28
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"4oD" = 4oD
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ask Toolbar_is1" = Ask Toolbar
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iDump" = iDump (Backing up your iPod)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PeerGuardian_is1" = PeerGuardian 2.0
"RealPlayer 6.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WildTangent hp Master Uninstall" = My HP Games
"WinPatrol" = WinPatrol 2008
"WinSS" = Windows Live OneCare

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/01/2010 15:13:29 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

Error - 02/01/2010 15:52:38 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

Error - 02/01/2010 16:02:13 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

Error - 02/01/2010 16:05:01 | Computer Name = Alasdair-PC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0x6f0, application start time
0x01ca8be69e2f564b.

Error - 02/01/2010 17:03:57 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

Error - 02/01/2010 17:14:33 | Computer Name = Alasdair-PC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0x450, application start time
0x01ca8bf08cb2a3c0.

Error - 03/01/2010 08:05:19 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

Error - 03/01/2010 10:48:08 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

Error - 03/01/2010 16:13:42 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

Error - 06/01/2010 16:21:03 | Computer Name = Alasdair-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 10/01/2010 08:14:11 | Computer Name = Alasdair-PC | Source = HTTP | ID = 15021
Description =

Error - 10/01/2010 08:14:11 | Computer Name = Alasdair-PC | Source = HTTP | ID = 15021
Description =

Error - 10/01/2010 08:23:34 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 10/01/2010 08:23:34 | Computer Name = Alasdair-PC | Source = LSM | ID = 1048
Description =

Error - 10/01/2010 08:23:50 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 10/01/2010 08:23:57 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 10/01/2010 08:23:59 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 10/01/2010 08:24:02 | Computer Name = Alasdair-PC | Source = DCOM | ID = 10005
Description =

Error - 10/01/2010 08:24:42 | Computer Name = Alasdair-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/01/2010 08:24:42 | Computer Name = Alasdair-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Thanks again,

Malcontented
  • 0

#4
jwang01
Posted 10 January 2010 - 04:46 PM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Your logs are looking good now. Are you able to boot your computer into Normal mode now? How does it run in normal mode?


Try running an OTL Quick Scan in normal mode and post the log it produces back here in your next reply.
  • 0

#5
Malcontented
Posted 10 January 2010 - 05:20 PM

Malcontented

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Well, I can boot up into normal mode but it's the same as before. Can't open OTL, it just freezes. So, afraid the problem still remains....
  • 0

#6
jwang01
Posted 10 January 2010 - 05:29 PM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,



Ok, let's try a couple more scanners. You can do them from safe mode. :)



Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.




Next



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



Please post the logs of MBAM and Kaspersky in your next reply
  • 0

#7
Malcontented
Posted 11 January 2010 - 03:01 AM

Malcontented

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello Dwanj01,

So, I've run the scans but they didn't seem to find anything...

Thanks again for your help.

Here's the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.44
Database version: 3537
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18865

10/01/2010 23:45:46
mbam-log-2010-01-10 (23-45-46).txt

Scan type: Quick Scan
Objects scanned: 95334
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And this is the Kaspersky Online Scanner report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, January 11, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 10, 2010 23:25:16
Records in database: 3296988
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 190234
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:45:44

No threats found. Scanned area is clean.

Selected area has been scanned.
  • 0

#8
jwang01
Posted 11 January 2010 - 11:52 AM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


It's not looking like malware is going to be the issue here, but I would like to get one more scan to make sure.

Did you add any new programs or do any updates you can think of right before the problems started?



Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

  • 0

#9
Malcontented
Posted 11 January 2010 - 12:31 PM

Malcontented

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello,

Well, I did install Dragon NaturallySpeaking 10 fairly recently, which i believe is quite an intense program. But the laptop was working fine for about a week after this. Apart from that, i've done no significant updates. I did initially try a system restore but that didn't seem to help...

Here's the SysProt Antirootkit log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Processes found

******************************************************************************************
******************************************************************************************
No Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ALASDAIR-PC:49599
Remote Address: EW-IN-F137.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49598
Remote Address: EW-IN-F102.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49597
Remote Address: PW-IN-F101.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49596
Remote Address: EZE03S01-IN-F95.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49595
Remote Address: EZE03S01-IN-F95.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49594
Remote Address: EW-IN-F101.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49592
Remote Address: EW-IN-F99.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49591
Remote Address: EW-IN-F99.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49590
Remote Address: EW-IN-F100.1E100.NET:HTTP
Type: TCP
Process: 1672 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:49525
Remote Address: 84.53.134.199:HTTP
Type: TCP
Process: 1152 (PID)
State: ESTABLISHED

Local Address: ALASDAIR-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: 4 (PID)
State: LISTENING

Local Address: ALASDAIR-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: 1328 (PID)
State: LISTENING

Local Address: ALASDAIR-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: 556 (PID)
State: LISTENING

Local Address: ALASDAIR-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: 572 (PID)
State: LISTENING

Local Address: ALASDAIR-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: 932 (PID)
State: LISTENING

Local Address: ALASDAIR-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: 484 (PID)
State: LISTENING

Local Address: ALASDAIR-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: 772 (PID)
State: LISTENING

Local Address: ALASDAIR-PC:138
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: ALASDAIR-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: 4 (PID)
State: NA

Local Address: ALASDAIR-PC:62491
Remote Address: NA
Type: UDP
Process: 1672 (PID)
State: NA

Local Address: ALASDAIR-PC:51704
Remote Address: NA
Type: UDP
Process: 1152 (PID)
State: NA

Local Address: ALASDAIR-PC:LLMNR
Remote Address: NA
Type: UDP
Process: 1044 (PID)
State: NA

Local Address: ALASDAIR-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: 956 (PID)
State: NA

Local Address: ALASDAIR-PC:500
Remote Address: NA
Type: UDP
Process: 956 (PID)
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found
  • 0

#10
jwang01
Posted 11 January 2010 - 01:14 PM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Got one more question for you. :)



When your in normal mode and you try to open programs, does your computer just lock up? Or does opening some programs give you some type of error?
  • 0

#11
Malcontented
Posted 11 January 2010 - 01:26 PM

Malcontented

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello,

When i try to open certain programs in normal mode, such as WinPatrol, nothing happens. With others it locks up and i can only get it working again by ending the program using the Task Manager. When i try to open my anti-virus, Windows Live One Care, I get an error message that says 'the program is not working or has stopped. See: help' but i can only get onto the help with the internet in safe mode and then i can't run any of the fixes as they say they require being in normal mode!!? But some programs are still working, such as Microsoft Word and VLC.

Oh dear, I just tried booting the computer into normal mode to check all of this and all i got was a black screen with a cursor after i logged on. Doesn't look too good...
  • 0

#12
jwang01
Posted 11 January 2010 - 01:57 PM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


I don't think tghe problems you are having are related to Malware. I am going to give you the closing speech to have you remove all the Anti-Malware tools we used over here.


Then go and create a thread in the Windows Vista forum and have one of the tech's over there try and help you out. Please give them a link to this thread so they can see what we have done here if they need to.


Then come back here and post a link to the thread there and I will let them know I have sent you over there and need some assistance. :)




Congratulations!! Your logs look clean! :)

Now we need to do a little house keeping and remove the tools we have used.

  • Click on OTL.exe
  • Click the Clean It button
  • If it tells you to reboot click Yes


Now the next list is some programs I like to recommend to people to help keep your computer safer. Keep in mind that these are all optional.

MalwareBytes Anti Malware
This is an exellent On Access Anti-Malware Scanner.

SuperAntiSpyware
This is an Anti-Spyware program that will help protect your PC with Real Time Protection. You should have one Anti-Spyware program that scans in real time. This will help prevent your PC from picking up any more malware.


TFC
This will help delete all temporary files.

Firefox
This is an alternative for Internet Explorer. Firefox is a more secure internet browser.


You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.

Heres how to do it:

  • Go to Start
  • Click on the Control Panel
  • Click on Security
  • Then click on Windows update
  • Then settings to turn Windows Update On/Off


You should check and make sure that you keep your Anti-Virus up to date. This is also a crucial part of your security. You can do this by clicking on your Anti-Virus and clicking on update. If your AV has an automatic update feature, i would recommend turning it on in the settings menu.

And finally a little Posted Image How did I get infected in the first place ? (by Mr. Tony Klein)

Good luck and safe surfing :)
  • 0

#13
Malcontented
Posted 11 January 2010 - 02:21 PM

Malcontented

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok, I've done the house-keeping and posted a new log in the windows vista forum. Here's the link:

http://www.geekstogo...Li-t264816.html

Sorry for barking up the wrong tree. Thank you so much for all your help jwang01. :)
  • 0

#14
jwang01
Posted 11 January 2010 - 02:27 PM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,



No problem. They may have sent you here anyway as it does sound like it could be malware related. I am going to close this topic now. Hope you can get it solved over there. :)
  • 0

#15
jwang01
Posted 11 January 2010 - 02:28 PM

jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP