
Need help acting strange



#1 CaperEscort
Member, 29 posts
Hi, I have a laptop here that a friend dropped off for me to look at. It will start in safe mode perfectly, but when you try normal mode it gets to the welcome screen and then just a black screen with the cursor. If I press Ctrl+Alt+Del I can open Task Manager, but mostly it will freeze Task Manager. Lately I can end explorer.exe and use Task Manager to restart explorer.exe, and then Windows will half load. By that I mean the task bar shows up, and the start menu as well as the icons on the desktop, but a lot of the programs that start up don't, and usually OneNote is the only program that loads with Windows. If I try to go into anything like Control Panel it freezes just that window, or if I go to open a program, that freezes. Windows itself doesn't seem to freeze; it just won't let me open any program.

When I start up in safe mode I can do anything with the computer. I put Malwarebytes, Spybot and SUPERAntiSpyware on it, updated and ran each, and only Spybot found anything (200+ tracking cookies); the rest all came up clean. I thought maybe a rootkit or something like that, so I ran GMER, and when it goes to devices I get a blue screen 0x0000008e, or it encounters a problem and closes. If I uncheck devices it goes through without a hitch. I tried to run AVG from the command line in safe mode and it also gave the same blue screen error while it was doing the scan.

OTL logfile created on: 18/09/2010 4:50:17 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.37 Gb Total Space | 208.42 Gb Free Space | 72.53% Space Free | Partition Type: NTFS
Drive D: | 10.72 Gb Total Space | 1.80 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 959.70 Mb Total Space | 811.09 Mb Free Space | 84.52% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/30 14:07:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2010/08/30 14:07:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2009/04/11 03:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 23:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/18 16:13:51 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/18 16:13:51 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/09/18 16:11:02 | 000,387,968 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\owner\AppData\Local\Temp\AHABIWW.exe -- (AHABIWW)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/09/24 22:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/01/20 23:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/18 16:13:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/18 16:13:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/09/18 16:13:51 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/04/23 12:46:27 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/04/23 12:46:27 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/04/23 12:46:27 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/20 04:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/07/17 17:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008/07/06 17:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 11:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/03 09:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008/05/15 16:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/04/17 15:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 23:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 23:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 23:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 23:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 23:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 23:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 23:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 23:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 23:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 23:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 23:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 23:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 23:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 23:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 23:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 23:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 23:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 23:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 23:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 23:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 23:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 23:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/20 23:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/11/27 22:45:00 | 000,091,200 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/27 22:44:54 | 000,037,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/10/31 22:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 22:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 22:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 20:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 06:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 06:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 06:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 06:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 06:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 06:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 06:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 06:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 06:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 06:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 05:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 05:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 05:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 05:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 05:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 04:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 04:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 92 CF FF 3E 87 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...FORM=VE3D01&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sympatico.msn...ca/?lang=en-CA"
FF - prefs.js..keyword.URL: "http://www.bing.com/...FORM=VE3D01&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/18 16:13:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 12:49:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 12:49:47 | 000,000,000 | ---D | M]

[2009/07/25 21:42:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2010/07/29 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\extensions
[2009/08/02 11:42:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 23:01:06 | 000,001,820 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\searchplugins\bing.xml
[2009/06/23 14:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 18:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 142.177.2.130 142.166.145.137
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\owner\Pictures\2009-08-13 magic cove & public gardens\magic cove & public gardens 008.JPG
O24 - Desktop BackupWallPaper: C:\Users\owner\Pictures\2009-08-13 magic cove & public gardens\magic cove & public gardens 008.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/18 16:13:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/18 16:13:55 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/18 16:13:54 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/18 16:13:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/09/18 16:13:51 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/18 16:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/09/18 16:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/09/18 16:11:24 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RootkitRevealer
[2010/09/16 22:57:20 | 000,000,000 | ---D | C] -- C:\Rustbfix
[2010/09/15 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/15 18:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/15 18:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/15 18:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/15 18:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/15 18:27:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2010/09/15 18:26:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/15 18:26:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/15 18:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/15 18:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/09/18 16:46:48 | 000,314,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/18 16:46:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/18 16:46:19 | 416,235,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/18 16:44:57 | 002,359,296 | -HS- | M] () -- C:\Users\owner\ntuser.dat
[2010/09/18 16:14:36 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/18 16:14:36 | 000,680,260 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/09/18 16:14:36 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/18 16:14:36 | 000,129,454 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/09/18 16:14:36 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/18 16:14:05 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/18 16:13:58 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/18 16:13:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/18 16:13:54 | 058,888,023 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/18 16:13:54 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/18 16:13:54 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/18 16:13:51 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/18 16:08:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 16:08:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 16:08:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/18 16:07:55 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{6e60fa02-3f32-11df-bff3-001f16d4f508}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 16:07:55 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{6e60fa02-3f32-11df-bff3-001f16d4f508}.TM.blf
[2010/09/18 16:07:52 | 001,650,623 | -H-- | M] () -- C:\Users\owner\AppData\Local\IconCache.db
[2010/09/18 16:06:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E9F16EB-FCF2-4939-9D62-4B67B90C2EEF}.job
[2010/09/16 22:56:14 | 000,401,108 | ---- | M] () -- C:\Users\owner\Desktop\rustbfix.exe
[2010/09/15 18:40:07 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/15 18:38:50 | 000,001,079 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/15 18:38:50 | 000,001,055 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/09/15 18:26:24 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 18:11:45 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/09/11 23:55:13 | 000,000,680 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/08/20 14:14:14 | 000,013,402 | ---- | M] () -- C:\Users\owner\Documents\visa fax.docx

========== Files Created - No Company Name ==========

[2010/09/18 16:14:05 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/18 16:13:54 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/18 16:13:53 | 058,888,023 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/16 22:57:18 | 000,401,108 | ---- | C] () -- C:\Users\owner\Desktop\rustbfix.exe
[2010/09/15 18:40:07 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/15 18:38:50 | 000,001,079 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/15 18:38:50 | 000,001,055 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/09/15 18:26:24 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 23:55:13 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/08/20 14:14:13 | 000,013,402 | ---- | C] () -- C:\Users\owner\Documents\visa fax.docx
[2009/12/25 21:11:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/23 19:36:06 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/07/08 14:46:30 | 000,028,672 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 14:28:57 | 000,001,658 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2009/06/23 17:44:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/06/23 17:00:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/23 14:11:33 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/23 14:11:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/06/23 14:01:06 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2009/06/23 14:01:06 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2009/06/23 14:01:06 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2009/06/06 14:32:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/06/06 14:32:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/06/06 14:32:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/06/06 14:31:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/06/06 14:29:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/06/06 14:29:15 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/23 13:38:58 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/23 13:33:54 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/23 13:32:15 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/23 13:31:04 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/07/06 17:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 11:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 09:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
< End of report >



OTL Extras logfile created on: 18/09/2010 4:50:17 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.37 Gb Total Space | 208.42 Gb Free Space | 72.53% Space Free | Partition Type: NTFS
Drive D: | 10.72 Gb Total Space | 1.80 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 959.70 Mb Total Space | 811.09 Mb Free Space | 84.52% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ADC67A-9798-4B4A-96E8-40CB0F09E94C}" = rport=137 | protocol=17 | dir=out | app=system |
"{079A3954-D3A0-4E86-B118-E3ADD3544A71}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{083DD222-3856-4676-B36A-D73B666DD96F}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{29AB31C8-8175-4AD5-ADA3-F78C745ECF68}" = lport=138 | protocol=17 | dir=in | app=system |
"{542A4E7E-6C1E-45E6-ADE8-CD4CABD66B34}" = rport=445 | protocol=6 | dir=out | app=system |
"{5C688EAD-A998-49D4-80C0-F8AAD4FCAF13}" = lport=139 | protocol=6 | dir=in | app=system |
"{6DE17F84-0CB5-49F6-BB7D-107802534E4D}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{81877EFA-A589-40D9-BCB6-E4477DCB87F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2BDEE4D-66E6-4057-B04D-9F9574ADFCBB}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBD6F9D5-EDBE-4BE6-B621-FF6E04A76C01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CD833816-DD14-489E-9E47-99E508D3F552}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4AB34F6-7AB4-4A11-86A9-3F93890D52C2}" = lport=137 | protocol=17 | dir=in | app=system |
"{D521CD81-03BE-42A8-ACAB-92F3FEBD5D2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9165EDA-4E38-4AC0-863E-1589893A458C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ECCE926D-18C7-473A-9A45-5DC10B599E13}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033BFAA8-31E6-41FB-BE77-1FAA8F82EAF8}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{08A9D71D-723F-4817-B760-AE60D6D3FDDF}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{1C275419-B6F4-40B8-82D9-C1FF39BB4AC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{290C93EF-9062-4720-ACC2-29E1F3E6A870}" = protocol=1 | dir=in | [email protected],-28543 |
"{38F727BE-E3AA-4172-A407-74CECEFEFF79}" = protocol=58 | dir=out | [email protected],-28546 |
"{59131E17-F4BD-4B11-856A-C602C9389C40}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61FF3E87-CFFF-4D8D-9404-A1B859E93CA3}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{6F7DD053-9482-4C9B-981E-911CE5FB0570}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{74D0F2B4-6B77-4CDF-A8C5-1E6089563975}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{8DF6D2F5-1031-4835-BD50-D5C4631C821E}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{8F4079C2-4500-4F26-AE99-71168D0D29E9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{95A89922-AABA-4005-B023-C6CA0E47D23B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{98678E84-A067-4CAC-BED6-447D5F69CCA9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B8CF559C-EADC-49BB-A935-57AAA817B64B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{BD1AECBD-43CE-4C0B-A1E6-BF3E61743CA0}" = protocol=17 | dir=in | app=f:\sst\sst\utilities\norton removal tool\symnrt.exe |
"{C276C52F-1956-43C1-94AA-D597C077F82C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CED9B26B-F23C-4B40-85B6-11C8C1C780B6}" = protocol=1 | dir=out | [email protected],-28544 |
"{D74248C2-85AD-48F1-8DDD-938C42CD62BE}" = protocol=58 | dir=in | [email protected],-28545 |
"{E53791CB-4387-422E-BBB8-56847343AE8F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E5C2A62D-FC7D-493C-A11C-E99375DD68D2}" = protocol=6 | dir=in | app=f:\sst\sst\utilities\norton removal tool\symnrt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.30
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.30
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Web Sudoku Deluxe_is1" = Web Sudoku Deluxe 1.2.2
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinSS" = Windows Live OneCare
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/09/2010 8:43:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:44:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:44:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:45:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:45:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:46:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:46:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:47:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:47:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2010 8:48:40 PM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 03/04/2010 11:06:52 AM | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:25:12 AM on 03/04/2010 was unexpected.

Error - 03/04/2010 11:06:58 AM | Computer Name = owner-PC | Source = OneCareMP | ID = 2004
Description = %%829 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: %%825 Error Code: 0x80092003 Error description: An error occurred while reading or writing to a file. Signatures loading: %%826 Loading signature version: 1.79.953.0;1.79.953.0 Loading engine version: 1.1.5605.0

Error - 03/04/2010 11:07:22 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/04/2010 5:13:53 PM | Computer Name = owner-PC | Source = BROWSER | ID = 8032
Description =

Error - 07/04/2010 3:54:15 PM | Computer Name = owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0025560B1ACF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 07/04/2010 5:51:10 PM | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:03:53 PM on 07/04/2010 was unexpected.

Error - 07/04/2010 5:51:43 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07/04/2010 6:07:16 PM | Computer Name = owner-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =

Error - 07/04/2010 8:19:05 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/04/2010 2:06:14 PM | Computer Name = owner-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0025560B1ACF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

[ Windows OneCare Events ]
Error - 30/08/2010 11:05:17 AM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 30/08/2010 6:15:20 PM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 30/08/2010 6:17:23 PM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 30/08/2010 8:04:01 PM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 01/09/2010 8:37:51 PM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 01/09/2010 8:38:01 PM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 02/09/2010 9:14:10 AM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 02/09/2010 11:22:43 AM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 02/09/2010 12:43:33 PM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 02/09/2010 1:36:37 PM | Computer Name = owner-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it by right clicking and Run As Administrator and look at the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the Explorer crashes.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Click on the arrow in front of Event Viewer and select Windows Logs. Right click on System and Clear Log, Clear, OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Then use the 'Number of events' as follows:
   Click the radio button for 'Number of events', type 20 in the 1 to 20 box, then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#3
CaperEscort
    Member
  • Topic Starter
  • Member
  • 29 posts
1) For starters, I cannot run any programs from normal mode as they just freeze when I click on the icon and the circle (busy sign) just keeps spinning (left ComboFix trying for over 2 hours, no change), so all scans were done in safe mode.
2) Disabled all non-Microsoft programs with ShellExView (no change).
3) Checked disk for errors (no change).
4) sfc (never found anything).
5) sigverif (found nothing).

6) Vino's Event Viewer v01c run on Windows Vista in English
Report run at 19/09/2010 11:36:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/09/2010 2:23:37 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC MSFWHLPR NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The MSFWDrv service depends on the MSFWHLPR service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/09/2010 2:22:38 AM
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 20/09/2010 2:21:02 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/09/2010 2:13:29 AM
Type: Warning Category: 0
Event: 1 Source: RTL8169
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 20/09/2010 12:20:06 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
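The System log posted above is mostly Event 7001 cascade noise: each entry names a dependency that failed, and only a few of them failed for a reason other than "the dependency service or group failed to start". As an added example (not part of the poster's report, and not VEW's own code), this Python script parses the VEW layout seen in that post and walks the dependency messages back to the services that actually broke; the entry layout it assumes is taken from the posted output.

```python
"""Parse Vino's Event Viewer (VEW) output and trace SCM 7001 dependency failures to their root."""
import re
from collections import defaultdict

# Sample input: six of the 'System' log entries posted in this thread, kept verbatim
# (including Microsoft's own "Sub Sysytem" spelling) so the parser sees the real layout.
SAMPLE_LOG = """\
Log: 'System' Date/Time: 20/09/2010 2:23:37 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC MSFWHLPR NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The MSFWDrv service depends on the MSFWHLPR service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

Log: 'System' Date/Time: 20/09/2010 2:23:35 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# One VEW entry = four lines: header, type/category, event/source, message.
ENTRY_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>[^\n]+)"
)
# 7001 text: "The X service depends on the Y service which failed to start because of the following error: Z"
DEP_RE = re.compile(
    r"^The (?P<dependent>.+?) service depends on the (?P<dependency>.+?) service "
    r"which failed to start because of the following error: (?P<reason>.+)$"
)
CASCADE = "The dependency service or group failed to start."

def parse_vew(text):
    """Return one dict per entry with keys log, when, type, category, event, source, message."""
    return [m.groupdict() for m in ENTRY_RE.finditer(text)]

def dependency_edges(entries):
    """Map dependent -> (dependency, dependency's own failure reason) from every 7001 entry."""
    edges = {}
    for e in entries:
        m = DEP_RE.match(e["message"]) if e["event"] == "7001" else None
        if m:
            edges[m["dependent"]] = (m["dependency"], m["reason"])
    return edges

def root_causes(edges):
    """A dependency whose reason is anything other than the cascade message broke on its
    own; every service above it in the chain is collateral damage."""
    roots = defaultdict(set)
    for dependency, reason in edges.values():
        if reason != CASCADE:
            roots[dependency].add(reason)
    return {name: sorted(reasons) for name, reasons in roots.items()}

def failure_chain(edges, service):
    """Walk dependent -> dependency edges from `service` down to the lowest failing one."""
    chain = [service]
    while chain[-1] in edges:
        nxt = edges[chain[-1]][0]
        if nxt in chain:  # a cycle would mean a malformed log; stop rather than loop
            break
        chain.append(nxt)
    return chain

def failed_boot_drivers(entries):
    """Driver service names from 7026 'boot-start or system-start driver(s) failed to load'."""
    names = []
    for e in entries:
        if e["event"] == "7026" and "failed to load: " in e["message"]:
            names.extend(e["message"].split("failed to load: ", 1)[1].split())
    return names

if __name__ == "__main__":
    entries = parse_vew(SAMPLE_LOG)
    edges = dependency_edges(entries)
    print("Root causes:", root_causes(edges))
    print("Chain:", " -> ".join(failure_chain(edges, "Network List Service")))
    print("Boot-start drivers that failed:", failed_boot_drivers(entries))
```

On the full log above the same walk ends at MSFWHLPR, rdbss, nsiproxy, AFD and tdx, all of which also appear in the 7026 list of boot-start drivers that never loaded, which is why the networking stack and Explorer are unusable outside Safe Mode.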

#4
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


You have two or more anti-virus programs running: AVG 9, Windows OneCare and something from Symantec.

Uninstall

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare

Also uninstall the obsolete Java program while you are at it:
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

Then make sure AVG 9 is off (Don't assume because you are in Safe Mode that it is not running. If you can't figure out how to make it stop then just uninstall it for now.) and redownload Combofix. Save it as George2.exe this time. See if you can get it to work now. It normally takes about 10 minutes.



Let's try the BitDefender QuickScan. Close your browsers, then right-click on a browser (IE or Firefox), choose Run As Administrator, and go to:

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Also TDSSKiller

  • Go to this page and download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not into the folder.
  • RIGHT-click on TDSSKiller.exe and select Run As Administrator.
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Ron

#5
CaperEscort
    Member
  • Topic Starter
  • Member
  • 29 posts
I couldn't remove the antivirus programs as I can only boot into safe mode. I even tried the removal tools from their sites, and when I clicked on them they just froze and wouldn't even start up. Also, Java couldn't be removed in safe mode.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: owner
->Temp folder emptied: 35527392 bytes
->Temporary Internet Files folder emptied: 52470201 bytes
->Java cache emptied: 1313 bytes
->FireFox cache emptied: 95704903 bytes
->Flash cache emptied: 3885420 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1579574869 bytes

Total Files Cleaned = 1,685.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09202010_183237

Files\Folders moved on Reboot...
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z3LNHKAZ(25)\food;ss=cooking_school;atitle=best_recipes_ever_airing_january_4_2010_on_cbc;pg=content;pos=but2;tile=16;sz=120x600,160x600,300x250,300x600;ord=1283726768468[1] not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MWZY2GQG(24)\;show=best_recipes_ever;sport=not_specified;season=;type=webisode;section=;event=;liveondemand=on-demand;shortClip=false;audioonly=false;ord=1283727625250[1].asx not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MWZY2GQG(24)\food;ss=cooking_school;atitle=best_recipes_ever_airing_january_4_2010_on_cbc;pg=content;pos=but2;tile=16;sz=120x600,160x600,300x250,300x600;ord=1283726529271[1] not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MWZY2GQG(24)\_ever;sport=not_specified;season=;type=webisode;section=;event=;liveondemand=on-demand;shortClip=false;audioonly=false;dc_seed=226877570;ord=1804127756219[1].htm not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCXQ2JOT(23)\category=null;contcat=null;kw=coleslaw+site_www.cbc.ca_bestrecipes+OR+site_www.cbc[1].ca%2Fvideo%2Fshows%2Fwatch%2FBest%2520Recipes%2520Ever;ord=6698579265483366 not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9XWF68IH(20)\ch;category=null;contcat=null;kw=fried+cicken+site_www.cbc.ca_bestrecipes+OR+site_www.cbc.ca_video_shows_watch_Best%2520Recipes%2520Ever;ord=778746978195227[1].7 not found!

Registry entries deleted on Reboot...


OTL logfile created on: 20/09/2010 6:40:09 PM - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = F:\Spyware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.37 Gb Total Space | 210.75 Gb Free Space | 73.34% Space Free | Partition Type: NTFS
Drive D: | 10.72 Gb Total Space | 1.80 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 959.70 Mb Total Space | 802.14 Mb Free Space | 83.58% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/30 14:07:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\Spyware\OTL.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2010/08/30 14:07:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\Spyware\OTL.exe
MOD - [2009/04/11 03:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 23:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Users\owner\AppData\Local\Temp\AHABIWW.exe -- (AHABIWW)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/09/24 22:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/06 13:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/01/20 23:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/04/23 12:46:27 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/04/23 12:46:27 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/04/23 12:46:27 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/20 04:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/07/17 17:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008/07/06 17:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 11:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/03 09:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008/05/15 16:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/04/17 15:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 23:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 23:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 23:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 23:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 23:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 23:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 23:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 23:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 23:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 23:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 23:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 23:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 23:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 23:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 23:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 23:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 23:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 23:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 23:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 23:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 23:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 23:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/20 23:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/11/27 22:45:00 | 000,091,200 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/27 22:44:54 | 000,037,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/10/31 22:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 22:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 22:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 20:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 06:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 06:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 06:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 06:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 06:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 06:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 06:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 06:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 06:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 06:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 06:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 05:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 05:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 05:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 05:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 05:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 04:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 04:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 92 CF FF 3E 87 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...FORM=VE3D01&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sympatico.msn...ca/?lang=en-CA"
FF - prefs.js..keyword.URL: "http://www.bing.com/...FORM=VE3D01&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 12:49:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 12:49:47 | 000,000,000 | ---D | M]

[2009/07/25 21:42:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2010/07/29 15:50:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\extensions
[2009/08/02 11:42:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/09 23:01:06 | 000,001,820 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\searchplugins\bing.xml
[2009/06/23 14:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 18:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 142.177.2.130 142.166.145.137
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\owner\Pictures\2009-08-13 magic cove & public gardens\magic cove & public gardens 008.JPG
O24 - Desktop BackupWallPaper: C:\Users\owner\Pictures\2009-08-13 magic cove & public gardens\magic cove & public gardens 008.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/20 18:23:57 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\owner\Desktop\Norton_Removal_Tool.exe
[2010/09/20 18:23:57 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\owner\Desktop\Norton_Removal_Too2l.exe
[2010/09/20 18:23:48 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\tdsskiller.exe
[2010/09/19 20:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010/09/19 20:34:53 | 000,061,440 | ---- | C] ( ) -- C:\Users\owner\Desktop\VEW.exe
[2010/09/18 16:11:24 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RootkitRevealer
[2010/09/16 22:57:20 | 000,000,000 | ---D | C] -- C:\Rustbfix
[2010/09/15 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/15 18:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/15 18:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/15 18:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/15 18:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/15 18:27:29 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2010/09/15 18:26:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/15 18:26:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/15 18:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/15 18:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 90 Days ==========

[2010/09/20 18:36:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/20 18:35:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/20 18:35:21 | 002,359,296 | -HS- | M] () -- C:\Users\owner\ntuser.dat
[2010/09/20 18:35:21 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{6e60fa02-3f32-11df-bff3-001f16d4f508}.TMContainer00000000000000000001.regtrans-ms
[2010/09/20 18:35:21 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{6e60fa02-3f32-11df-bff3-001f16d4f508}.TM.blf
[2010/09/20 18:34:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 18:34:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/20 18:24:31 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/20 18:24:31 | 000,680,260 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/09/20 18:24:31 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/20 18:24:31 | 000,129,454 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/09/20 18:24:31 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/20 18:22:12 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\owner\Desktop\Norton_Removal_Tool.exe
[2010/09/20 18:22:12 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\owner\Desktop\Norton_Removal_Too2l.exe
[2010/09/20 18:18:46 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\owner\Desktop\tdsskiller.exe
[2010/09/19 23:21:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E9F16EB-FCF2-4939-9D62-4B67B90C2EEF}.job
[2010/09/19 19:05:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\owner\Desktop\VEW.exe
[2010/09/19 19:03:26 | 000,124,706 | ---- | M] () -- C:\Users\owner\Desktop\shexview_setup.exe
[2010/09/19 19:00:04 | 003,846,590 | ---- | M] () -- C:\Users\owner\Desktop\George.exe
[2010/09/18 16:46:48 | 000,314,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/18 16:46:19 | 416,235,237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/16 22:56:14 | 000,401,108 | ---- | M] () -- C:\Users\owner\Desktop\rustbfix.exe
[2010/09/15 18:40:07 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/15 18:38:50 | 000,001,079 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/15 18:38:50 | 000,001,055 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/09/15 18:26:24 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 18:11:45 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/09/11 23:55:13 | 000,000,680 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/08/20 14:14:14 | 000,013,402 | ---- | M] () -- C:\Users\owner\Documents\visa fax.docx
[2010/07/24 14:36:55 | 000,028,672 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/09/19 20:34:53 | 000,124,706 | ---- | C] () -- C:\Users\owner\Desktop\shexview_setup.exe
[2010/09/19 19:02:05 | 003,846,590 | ---- | C] () -- C:\Users\owner\Desktop\George.exe
[2010/09/16 22:57:18 | 000,401,108 | ---- | C] () -- C:\Users\owner\Desktop\rustbfix.exe
[2010/09/15 18:40:07 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/15 18:38:50 | 000,001,079 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/09/15 18:38:50 | 000,001,055 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/09/15 18:26:24 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 23:55:13 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2010/08/20 14:14:13 | 000,013,402 | ---- | C] () -- C:\Users\owner\Documents\visa fax.docx
[2009/12/25 21:11:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/23 19:36:06 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/07/08 14:46:30 | 000,028,672 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 14:28:57 | 000,001,658 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2009/06/23 17:44:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/06/23 17:00:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/23 14:11:33 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/06/23 14:11:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/06/23 14:01:06 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2009/06/23 14:01:06 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2009/06/23 14:01:06 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2009/06/06 14:32:31 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/06/06 14:32:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/06/06 14:32:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/06/06 14:31:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/06/06 14:29:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/06/06 14:29:15 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/23 13:38:58 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/23 13:33:54 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/23 13:32:15 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/23 13:31:04 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/07/06 17:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 11:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 09:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/07/30 21:17:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2010/09/20 18:35:55 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/19 23:21:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0E9F16EB-FCF2-4939-9D62-4B67B90C2EEF}.job

========== Purity Check ==========


< End of report >



2010/09/20 18:30:18.0198 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/20 18:30:18.0198 ================================================================================
2010/09/20 18:30:18.0198 SystemInfo:
2010/09/20 18:30:18.0198
2010/09/20 18:30:18.0198 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/20 18:30:18.0198 Product type: Workstation
2010/09/20 18:30:18.0198 ComputerName: OWNER-PC
2010/09/20 18:30:18.0198 UserName: owner
2010/09/20 18:30:18.0198 Windows directory: C:\Windows
2010/09/20 18:30:18.0198 System windows directory: C:\Windows
2010/09/20 18:30:18.0198 Processor architecture: Intel x86
2010/09/20 18:30:18.0198 Number of processors: 2
2010/09/20 18:30:18.0198 Page size: 0x1000
2010/09/20 18:30:18.0198 Boot type: Safe boot with network
2010/09/20 18:30:18.0198 ================================================================================
2010/09/20 18:30:18.0978 Initialize success
2010/09/20 18:30:27.0496 ================================================================================
2010/09/20 18:30:27.0496 Scan started
2010/09/20 18:30:27.0496 Mode: Manual;
2010/09/20 18:30:27.0496 ================================================================================
2010/09/20 18:30:35.0296 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/09/20 18:30:35.0342 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/09/20 18:30:35.0358 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/09/20 18:30:35.0420 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/09/20 18:30:35.0452 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/20 18:30:35.0467 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/09/20 18:30:35.0514 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/09/20 18:30:35.0576 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/09/20 18:30:35.0623 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/09/20 18:30:35.0654 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/09/20 18:30:35.0717 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/20 18:30:35.0764 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/20 18:30:35.0826 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/09/20 18:30:35.0873 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/20 18:30:35.0920 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/20 18:30:35.0966 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/20 18:30:35.0998 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/09/20 18:30:36.0013 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/09/20 18:30:36.0044 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/09/20 18:30:36.0076 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
2010/09/20 18:30:36.0169 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/09/20 18:30:36.0216 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/20 18:30:36.0263 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/20 18:30:36.0294 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/09/20 18:30:36.0325 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/09/20 18:30:36.0356 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/20 18:30:36.0403 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/20 18:30:36.0481 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/20 18:30:36.0512 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/20 18:30:36.0528 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/20 18:30:36.0575 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/09/20 18:30:36.0606 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/20 18:30:36.0668 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/20 18:30:36.0700 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/09/20 18:30:36.0715 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/09/20 18:30:36.0746 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/09/20 18:30:36.0762 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/20 18:30:36.0809 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/20 18:30:36.0856 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/09/20 18:30:36.0902 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/20 18:30:36.0934 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/20 18:30:36.0965 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/09/20 18:30:36.0996 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/09/20 18:30:37.0027 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/20 18:30:37.0058 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/20 18:30:37.0121 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/09/20 18:30:37.0168 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/20 18:30:37.0199 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/09/20 18:30:37.0230 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/09/20 18:30:37.0261 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/09/20 18:30:37.0292 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
2010/09/20 18:30:37.0324 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/09/20 18:30:37.0386 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/09/20 18:30:37.0464 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/09/20 18:30:37.0480 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/09/20 18:30:37.0542 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/09/20 18:30:37.0573 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/20 18:30:37.0589 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/20 18:30:37.0620 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/09/20 18:30:37.0667 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/20 18:30:37.0760 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/09/20 18:30:37.0870 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/20 18:30:37.0932 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/09/20 18:30:37.0963 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/20 18:30:38.0010 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/20 18:30:38.0057 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2010/09/20 18:30:38.0119 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/09/20 18:30:38.0150 ================================================================================
2010/09/20 18:30:38.0150 Scan finished
2010/09/20 18:30:38.0150 ================================================================================


QuickScan Beta 32-bit v0.9.9.38
-------------------------------
Scan date: Mon Sep 20 18:51:43 2010
Machine ID: 4A8BF84A



No infection found.
-------------------



Processes
---------
Microsoft® Windows® Operating System 1148 C:\Program Files\Windows Media Player\wmpnscfg.exe
Microsoft® Windows® Operating System 1396 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 480 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 516 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 612 C:\Windows\System32\lsass.exe
Microsoft® Windows® Operating System 620 C:\Windows\System32\lsm.exe
Microsoft® Windows® Operating System 600 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 412 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 764 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 824 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 860 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 940 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 968 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 996 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1048 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1064 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1236 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 1576 C:\Windows\System32\svchost.exe
Microsoft® Windows® Operating System 340 C:\Windows\System32\wbem\unsecapp.exe
Microsoft® Windows® Operating System 404 C:\Windows\System32\wbem\WmiPrvSE.exe
Microsoft® Windows® Operating System 524 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 568 C:\Windows\System32\winlogon.exe
Windows® Internet Explorer 1688 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 1820 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1820) connected on port 80 (HTTP) --> 184.84.76.20
Process iexplore.exe (1820) connected on port 80 (HTTP) --> 142.176.121.80
Process iexplore.exe (1820) connected on port 80 (HTTP) --> 72.14.204.100
Process iexplore.exe (1820) connected on port 80 (HTTP) --> 184.84.69.115
Process iexplore.exe (1820) connected on port 80 (HTTP) --> 66.235.142.24

Process wininit.exe (524) listens on ports: 49152 (RPC)
Process services.exe (600) listens on ports: 49155 (RPC)
Process lsass.exe (612) listens on ports: 49154 (RPC)
Process svchost.exe (824) listens on ports: 135 (RPC)
Process svchost.exe (940) listens on ports: 49153 (RPC)


Autoruns and critical files
---------------------------
HP Quick Launch Buttons C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HP QuickPlay C:\Program Files\HP\QuickPlay\QPService.exe
HP Wireless Assistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Intel® Common User Interface C:\Windows\system32\hkcmd.exe
Intel® Common User Interface C:\Windows\system32\igfxdev.dll
Intel® Common User Interface C:\Windows\system32\igfxpers.exe
LightScribe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
Microsoft® Windows® Operating System C:\Windows\system32\cmd.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Skype C:\Program Files\Skype\Phone\Skype.exe
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
Windows Live Family Safety Filter C:\Program Files\Windows Live\Family Safety\fsui.exe
Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Family Safety Browser Helper Object Lib c:\program files\windows live\family safety\fssbho.dll
Java™ Platform SE 6 U7 c:\program files\java\jre1.6.0_07\bin\ssv.dll
Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
MSN Photo Upload Control C:\Windows\Downloaded Program Files\PURen-ca.dll
MSN® Toolbar c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll
QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.5.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
Skype add-on for IE c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Windows Live Photo Upload Control C:\Windows\Downloaded Program Files\MsnPUpld.dll
Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
--> HKLM\System\ControlSet001\services\OneCareMP\"ImagePath"

File not found: C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
--> HKLM\System\ControlSet001\services\msfwsvc\"ImagePath"

File not found: C:\Program Files\Microsoft Windows OneCare Live\winss.exe
--> HKLM\System\ControlSet001\services\winss\"ImagePath"

File not found: C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"OneCareUI"

File not found: C:\Program Files\Virtual Earth 3D\
--> HLKM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0\"Path"

File not found: c:\program files\avg\avg9\avgssie.dll
--> HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\InprocServer32\(default)

File not found: system32\DRIVERS\MpFilter.sys
--> HKLM\System\ControlSet001\services\MpFilter\"ImagePath"

File not found: system32\DRIVERS\msfwdrv.sys
--> HKLM\System\ControlSet001\services\MSFWDrv\"ImagePath"

File not found: system32\DRIVERS\msfwhlpr.sys
--> HKLM\System\ControlSet001\services\MSFWHLPR\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 0.77 KB recvd
Scanned 787 files and modules - 20 seconds

==============================================================================
  • 0

#6
CaperEscort

    Member

  • Topic Starter
  • Member
  • 29 posts
**Update**

I started up in safe mode, opened msconfig, selected diagnostic startup and restarted, and boom, it started up. Then I went back into msconfig, disabled all startup programs and enabled them one by one, and all I am left with is the sidebar and a Windows Live program (Family Safety, I think), and I stopped at that. The problem I am having now is that when I click on a program it still won't open; it just sits there with the arrow and the circle spinning. I did manage to get ComboFix to run; below is the log file.

ComboFix 10-09-17.04 - owner 20/09/2010 19:50:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3002.2441 [GMT -3:00]
Running from: F:\George.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 22:48 . 2010-09-20 22:48 -------- d-----w- C:\32788R22FWJFW
2010-09-20 21:51 . 2010-09-20 21:51 -------- d-----w- c:\users\owner\AppData\Roaming\QuickScan
2010-09-20 21:43 . 2010-09-20 21:44 -------- d-----w- C:\WINSSLog
2010-09-19 23:35 . 2010-09-19 23:35 -------- d-----w- c:\program files\NirSoft
2010-09-17 01:57 . 2010-09-17 01:57 -------- d-----w- C:\Rustbfix
2010-09-15 21:41 . 2010-09-16 22:00 63488 ----a-w- c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-15 21:41 . 2010-09-15 21:41 52224 ----a-w- c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-15 21:40 . 2010-09-16 22:00 117760 ----a-w- c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-15 21:40 . 2010-09-15 21:40 -------- d-----w- c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com
2010-09-15 21:40 . 2010-09-15 21:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-15 21:40 . 2010-09-16 21:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-15 21:38 . 2010-09-15 21:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-15 21:38 . 2010-09-15 21:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 21:27 . 2010-09-15 21:27 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2010-09-15 21:26 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 21:26 . 2010-09-15 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 21:26 . 2010-09-15 21:26 -------- d-----w- c:\programdata\Malwarebytes
2010-09-15 21:26 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 02:55 . 2010-09-20 22:39 680 ----a-w- c:\users\owner\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 22:56 . 2009-04-23 15:32 681856 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-20 22:56 . 2009-04-23 15:32 130648 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-15 21:13 . 2009-12-26 00:07 -------- d-----w- c:\users\owner\AppData\Roaming\Skype
2010-09-12 07:39 . 2009-06-23 16:54 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 20:09 . 2009-06-23 16:53 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 20:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-26 06:05 . 2010-08-12 19:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 19:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 19:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 19:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 15:46 . 2009-04-23 15:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^George.exe]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\George.exe
backup=c:\windows\pss\George.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2009-08-06 01:48 647520 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-07-10 22:27 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 18:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-10 22:27 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 17:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-16 21:58 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [x]
R3 AHABIWW;AHABIWW;c:\users\owner\AppData\Local\Temp\AHABIWW.exe [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\DRIVERS\OA004Ufd.sys [2008-06-03 144672]
S3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\DRIVERS\OA004Vid.sys [2008-07-17 269760]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{0E9F16EB-FCF2-4939-9D62-4B67B90C2EEF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/?lang=en-CA
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-OneCareMP
MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 19:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-20 19:59:23
ComboFix-quarantined-files.txt 2010-09-20 22:59

Pre-Run: 222,544,617,472 bytes free
Post-Run: 222,433,345,536 bytes free

- - End Of File - - 690AF5C916DF1C45109C1D2D9892AA2E
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Good work.

See if you can get this to work:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

KillAll::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe
c:\users\owner\AppData\Local\Temp\AHABIWW.exe

Driver::
OcHealthMon
AHABIWW
msfwsvc
winss
OneCareUI
MSFWDrv
MSFWHLPR
MpFilter
OneCareMP

Folder::
c:\program files\Microsoft Windows OneCare Live
C:\Program Files\AVG


******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to George and let it start as before.

Post the new log.

Ron
  • 0
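Ron's Driver:: list above comes straight from the service entries in the ComboFix log in the previous post: the ones whose image file ComboFix marks as missing ([x]) and the one running out of the user's Temp folder. Here is an added example, not from this thread and not part of ComboFix, that parses those lines and flags them automatically. The sample lines are taken from that log; the field layout and the meaning of [x] are my reading of the ComboFix format, and the random-looking-name heuristic is an assumption of mine, not a rule ComboFix applies.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service/driver lines taken from the ComboFix log posted above (sample input).
SAMPLE_LINES = r"""
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [x]
R3 AHABIWW;AHABIWW;c:\users\owner\AppData\Local\Temp\AHABIWW.exe [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
"""

# Layout as read from the log: "<R|S><n> <name>;<display name>;<image path> [<date> <size>]",
# with "[x]" in place of date/size when ComboFix could not find the image file (my reading).
ENTRY_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# Image path under a Temp/Tmp directory: services do not normally live there.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Heuristic (assumption): a short all-capital alphabetic name reused as its own display name.
RANDOM_NAME_RE = re.compile(r"[A-Z]{6,10}")


@dataclass
class ServiceEntry:
    start_type: str      # "R3" = running, "S3" = stopped, as the log prefixes them
    name: str
    display: str
    image_path: str
    file_missing: bool   # True when the entry ends in "[x]"


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines in any other format."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        start_type=m["start"],
        name=m["name"],
        display=m["display"],
        image_path=m["path"],
        file_missing=m["info"].strip() == "x",
    )


def parse_log(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in a ComboFix log excerpt, keeping log order."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def review_entry(entry: ServiceEntry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if entry.file_missing:
        reasons.append("image file missing")
    if TEMP_RE.search(entry.image_path):
        reasons.append("runs from a user Temp folder")
    if entry.name == entry.display and RANDOM_NAME_RE.fullmatch(entry.name):
        reasons.append("random-looking name with no display name")
    return reasons


def review_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged service name to its reasons, in log order."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_log(text):
        reasons = review_entry(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


def driver_section(text: str) -> str:
    """Build the Driver:: block of a CFScript from the flagged entries, as Ron did by hand."""
    return "Driver::\n" + "\n".join(review_log(text))


if __name__ == "__main__":
    for name, reasons in review_log(SAMPLE_LINES).items():
        print(f"{name}: {', '.join(reasons)}")
    print(driver_section(SAMPLE_LINES))
```

Run as-is it prints the two flagged services with their reasons and a Driver:: block naming them. The QuickScan "Missing files" section earlier in the thread backs up the missing-file reading: every OneCare path it lists is a leftover of an uninstalled product, so those entries are orphans to clear, while the Temp-folder service is the one worth treating as a real suspect.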

#8
CaperEscort

    Member

  • Topic Starter
  • Member
  • 29 posts
ComboFix 10-09-17.04 - owner 21/09/2010 20:30:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3002.2451 [GMT -3:00]
Running from: c:\users\owner\Desktop\George.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe"
"c:\users\owner\AppData\Local\Temp\AHABIWW.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\Drivers\mpfilter\mpfilter.cat
c:\program files\Microsoft Windows OneCare Live\Antivirus\Drivers\mpfilter\mpfilter.inf
c:\program files\Microsoft Windows OneCare Live\Antivirus\Drivers\mpfilter\mpfilter.sys
c:\program files\Microsoft Windows OneCare Live\Antivirus\MpAsDesc.dll
c:\program files\Microsoft Windows OneCare Live\Antivirus\MpAvRtm.dll
c:\program files\Microsoft Windows OneCare Live\Antivirus\MpClient.dll
c:\program files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\mpevmsg.dll
c:\program files\Microsoft Windows OneCare Live\Antivirus\MpSvc.dll
c:\program files\Microsoft Windows OneCare Live\Antivirus\MpUtil.dll
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpLics.dll
c:\program files\Microsoft Windows OneCare Live\AVShellExt.dll
c:\program files\Microsoft Windows OneCare Live\BackupEngine.dll
c:\program files\Microsoft Windows OneCare Live\BackupWizard.exe
c:\program files\Microsoft Windows OneCare Live\Cert.dll
c:\program files\Microsoft Windows OneCare Live\CleanupWizard.exe
c:\program files\Microsoft Windows OneCare Live\clientinterop.dll
c:\program files\Microsoft Windows OneCare Live\ConflictingAppModule.dll
c:\program files\Microsoft Windows OneCare Live\Firewall\Drivers\MSFWdrv\msfwdrv.cat
c:\program files\Microsoft Windows OneCare Live\Firewall\Drivers\MSFWdrv\msfwdrv.inf
c:\program files\Microsoft Windows OneCare Live\Firewall\Drivers\MSFWdrv\msfwdrv.sys
c:\program files\Microsoft Windows OneCare Live\Firewall\Drivers\MSFWhlpr\msfwhlpr.cat
c:\program files\Microsoft Windows OneCare Live\Firewall\Drivers\MSFWhlpr\msfwhlpr.inf
c:\program files\Microsoft Windows OneCare Live\Firewall\Drivers\MSFWhlpr\msfwhlpr.sys
c:\program files\Microsoft Windows OneCare Live\Firewall\mpscatapi.dll
c:\program files\Microsoft Windows OneCare Live\Firewall\MPSSvcErrorMsg.dll
c:\program files\Microsoft Windows OneCare Live\Firewall\mpssvcMsg.dll
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwapi.dll
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\MSFWSVCResource.dll
c:\program files\Microsoft Windows OneCare Live\GtCC.exe
c:\program files\Microsoft Windows OneCare Live\GTOneCare\AUCommon.cfg
c:\program files\Microsoft Windows OneCare Live\GTOneCare\AUInst.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\BrowserPlugins\adpqdiag.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\BrowserPlugins\FileSys.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\gdql_oc.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\GND_HTTP.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\GND_UPnP.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\GNetDev.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\core.dll
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CAddDeviceData.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CCache.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CCacheReaderWriter.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CDevice.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CDevicesVirginity.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CDialogBox.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CFile.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CGTConnect.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CINIFile.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CINIFileManager.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CMovie.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CNetworkDevices.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CommonFunctions.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CPCConnectPackData.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CRasConnection.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CRouterLanConfig.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CRouterPasswordData.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CSecuringData.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CStaticIPConnection.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CUC1Data.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CUC2Data.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CUC3Data.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CUnwiringData.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CUseCaseDecider.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CValidator.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CWirelessSecure.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\GTConnect\CWLanAPI.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\Plugins\GTConnect\CMessageBox.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\Plugins\GTConnect\COneCareClient.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\Plugins\GTConnect\CPlugins.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\Plugins\GTConnect\CStatus.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\Plugins\GTConnect\CTelemetryCollecter.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\Plugins\GTConnect\StandaloneButtonsNavigator.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\WizardEvents\CWizardConfig.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\WizardEvents\CWizardEventHandlers.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\WizardEvents\CWizardEventProvider.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\XML\CDocumentImport.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\XML\CXMLHelper.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\XML\CXmlSelection.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Lib\XML\CXSLTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Modules\GTConnect\PCConnect_Pack\JS\CFlowRunner.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Modules\GTConnect\Securing\Finish\JS\CFlowRunner.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Modules\GTConnect\Securing\RouterLogin\JS\CFlowRunner.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Modules\GTConnect\Securing\WirelessDevices\JS\CFlowRunner.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Modules\GTConnect\Securing\WirelessNetwork\JS\CFlowRunner.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Modules\PCConnectDialog\js\CPCConnectDialog.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Modules\WizardEntryPoint\js\CWizardEntryPoint.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\ui\brand\PCConnectPackageIcon.ico
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\ButtonTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\DynamicTableTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\InputTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\InstructionListTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\LinkTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\MovieTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\MsThemeButtonTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\PasswordTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\RadioTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\RichTextTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\SelectionTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\TableTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\box\TextTemplate.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\Resources\uil\common\templates\page\PageController.js
c:\program files\Microsoft Windows OneCare Live\GTOneCare\HTML\GTHomeNet\SetupWireless.exe
c:\program files\Microsoft Windows OneCare Live\GTOneCare\OCBrowse.exe
c:\program files\Microsoft Windows OneCare Live\GTOneCare\OCFix.exe
c:\program files\Microsoft Windows OneCare Live\GTOneCare\Patch.cfg
c:\program files\Microsoft Windows OneCare Live\GTOneCare\qdiagoc.ocx
c:\program files\Microsoft Windows OneCare Live\GtOneCareClient.dll
c:\program files\Microsoft Windows OneCare Live\icon_red.ico
c:\program files\Microsoft Windows OneCare Live\install.manifest
c:\program files\Microsoft Windows OneCare Live\maintenancediskcleanupserv.exe
c:\program files\Microsoft Windows OneCare Live\msidcrl40.dll
c:\program files\Microsoft Windows OneCare Live\new_install.manifest
c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe
c:\program files\Microsoft Windows OneCare Live\OCHelpAgent.dll
c:\program files\Microsoft Windows OneCare Live\OCHelpAgentClientInterop.dll
c:\program files\Microsoft Windows OneCare Live\OCSetup.exe
c:\program files\Microsoft Windows OneCare Live\OCSetupRO.dll
c:\program files\Microsoft Windows OneCare Live\oczip.exe
c:\program files\Microsoft Windows OneCare Live\OneCareRestore.exe
c:\program files\Microsoft Windows OneCare Live\OneCareScanner.exe
c:\program files\Microsoft Windows OneCare Live\OneCareSupport.exe
c:\program files\Microsoft Windows OneCare Live\OneCareSvcWrapper.exe
c:\program files\Microsoft Windows OneCare Live\OneCareSvcWrapperPS.dll
c:\program files\Microsoft Windows OneCare Live\PidGen.dll
c:\program files\Microsoft Windows OneCare Live\PrimoSDK.dll
c:\program files\Microsoft Windows OneCare Live\providers.dll
c:\program files\Microsoft Windows OneCare Live\providersclient.dll
c:\program files\Microsoft Windows OneCare Live\PSShellExt.dll
c:\program files\Microsoft Windows OneCare Live\RestoreWizard.exe
c:\program files\Microsoft Windows OneCare Live\SafeModeAVScanner.exe
c:\program files\Microsoft Windows OneCare Live\ssgen.dll
c:\program files\Microsoft Windows OneCare Live\Staging\2009-06-23T08-02-46mpam-fe.exe
c:\program files\Microsoft Windows OneCare Live\Staging\dw20shared.msi
c:\program files\Microsoft Windows OneCare Live\Staging\GTOneCare.msi
c:\program files\Microsoft Windows OneCare Live\Staging\Idcrl.msi
c:\program files\Microsoft Windows OneCare Live\Staging\mp_AVBits.msi
c:\program files\Microsoft Windows OneCare Live\Staging\MPSSetup.MSI
c:\program files\Microsoft Windows OneCare Live\Staging\OCLocRes.msi
c:\program files\Microsoft Windows OneCare Live\Staging\PXEngine.msi
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\atl80.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\cert.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\conflictingappmodule.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\de-at\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\de-ch\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\de-de\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-au\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-ca\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-gb\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-hk\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-ie\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-in\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-nz\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\en-sg\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\es-es\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\es-mx\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\es-us\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\fr-be\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\fr-ca\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\fr-ch\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\fr-fr\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\it-it\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\ja-jp-psloc\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\ja-jp\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\ko-kr\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\microsoft.vc80.atl.manifest
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\microsoft.vc80.crt.manifest
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\msvcp80.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\msvcr80.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\nl-be\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\nl-nl\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\ochelpagent.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\ocsetup.exe
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\pt-br\ocsetupro.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\winsscommon.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SEA1\winssplatform.dll
c:\program files\Microsoft Windows OneCare Live\Staging\SetupOneCare.exe
c:\program files\Microsoft Windows OneCare Live\Staging\WinSS.msi
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\ATL80.DLL
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\Cert.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\Microsoft.VC80.ATL.manifest
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\Microsoft.VC80.CRT.manifest
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\msvcp80.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\msvcr80.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\OCLocRes.msi
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\providersclient.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\WinSS.msi
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\WinSSCommon.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\winssnotify.exe
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\WinSSNotifyLib.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\winssplatform.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\WinSSRO.dll
c:\program files\Microsoft Windows OneCare Live\Upgrade\c37a3ac6-f01a-41c6-b286-82a922c1bcea\winssupg.exe
c:\program files\Microsoft Windows OneCare Live\UPnPLib.dll
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\Microsoft Windows OneCare Live\winsscommon.dll
c:\program files\Microsoft Windows OneCare Live\WinSSIntro.exe
c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
c:\program files\Microsoft Windows OneCare Live\winssnotifye.exe
c:\program files\Microsoft Windows OneCare Live\winssnotifylib.dll
c:\program files\Microsoft Windows OneCare Live\WinSSPlatform.dll
c:\program files\Microsoft Windows OneCare Live\WinssRecRO.dll
c:\program files\Microsoft Windows OneCare Live\WinSSRes.dll
c:\program files\Microsoft Windows OneCare Live\WinssRO.dll
c:\program files\Microsoft Windows OneCare Live\WinSSUI.exe
c:\program files\Microsoft Windows OneCare Live\WinSSWebAgent.dll
c:\program files\Microsoft Windows OneCare Live\WinSSWebAgentTlb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MPFILTER
-------\Legacy_MSFWDRV
-------\Legacy_MSFWHLPR
-------\Service_MpFilter
-------\Service_MSFWDrv
-------\Service_MSFWHLPR
-------\Service_msfwsvc
-------\Service_OcHealthMon
-------\Service_OneCareMP
-------\Service_winss


((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 23:38 . 2010-09-21 23:40 -------- d-----w- c:\users\owner\AppData\Local\temp
2010-09-21 23:38 . 2010-09-21 23:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-21 23:38 . 2010-09-21 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-21 22:47 . 2010-09-21 23:18 -------- d-----w- C:\George10277G
2010-09-20 22:48 . 2010-09-20 22:59 -------- d-----w- C:\George
2010-09-20 21:51 . 2010-09-20 21:51 -------- d-----w- c:\users\owner\AppData\Roaming\QuickScan
2010-09-20 21:43 . 2010-09-20 21:44 -------- d-----w- C:\WINSSLog
2010-09-19 23:35 . 2010-09-19 23:35 -------- d-----w- c:\program files\NirSoft
2010-09-17 01:57 . 2010-09-17 01:57 -------- d-----w- C:\Rustbfix
2010-09-15 21:40 . 2010-09-15 21:40 -------- d-----w- c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com
2010-09-15 21:40 . 2010-09-15 21:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-15 21:40 . 2010-09-16 21:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-15 21:38 . 2010-09-15 21:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-15 21:38 . 2010-09-15 21:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 21:27 . 2010-09-15 21:27 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2010-09-15 21:26 . 2010-09-15 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 21:26 . 2010-09-15 21:26 -------- d-----w- c:\programdata\Malwarebytes
2010-09-12 02:55 . 2010-09-21 01:09 1356 ----a-w- c:\users\owner\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 23:36 . 2009-04-23 15:32 678164 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-21 23:36 . 2009-04-23 15:32 126956 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-21 00:42 . 2009-04-23 15:50 -------- d-----w- c:\programdata\WildTangent
2010-08-17 17:13 . 2009-12-26 00:07 -------- d-----w- c:\users\owner\AppData\Roaming\Skype
2010-08-13 20:09 . 2009-06-23 16:53 -------- d-----w- c:\programdata\Microsoft Help
2010-06-26 06:05 . 2010-08-12 19:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 19:44 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 19:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 19:44 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 15:46 . 2009-04-23 15:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKLM\~\startupfolder\C:^Users^owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2009-08-06 01:48 647520 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-07-10 22:27 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 19:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
c:\program files\Microsoft Windows OneCare Live\winssnotify.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-10 22:27 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 17:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-15 05:02 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R3 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [2008-01-21 45568]
R3 bowser;bowser;c:\windows\system32\DRIVERS\bowser.sys [2008-01-21 69632]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\brserid.sys [2006-11-02 71808]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
R3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2008-01-21 35328]
R3 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\system32\drivers\crusoe.sys [2008-01-21 40960]
R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2008-01-21 27648]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\ipmidrv.sys [2008-01-21 64512]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2008-01-21 64000]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-02-23 212992]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-02-23 79360]
R3 MsRPC;MsRPC; [x]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-04-11 148480]
R3 ntrigdigi;N-trig HID Tablet Driver;c:\windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288]
R3 srv2;srv2;c:\windows\system32\DRIVERS\srv2.sys [2010-06-18 144896]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-12-11 98816]
R3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2008-01-21 23552]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2008-01-21 60984]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2006-11-02 68608]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2008-01-21 41472]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-11-02 20608]
R4 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 DFSR;DFS Replication;c:\windows\system32\DFSR.exe [2009-04-11 2092544]
R4 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 EMDMgmt;ReadyBoost;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-06-15 9728]
R4 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 Mcx2Svc;Windows Media Center Extender Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 netprofm;Network List Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R4 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 SessionEnv;Terminal Services Configuration;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 SLUINotify;SL UI Notification Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 SysMain;Superfetch;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2009-04-11 39424]
R4 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2008-01-21 35840]
R4 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2008-01-21 422968]
S0 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2008-01-21 300600]
S0 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2008-01-21 79928]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-04-11 245736]
S0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [2009-04-11 141288]
S0 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2008-01-21 342584]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2008-01-21 58936]
S0 HpCISSs;HpCISSs;c:\windows\system32\drivers\hpcisss.sys [2008-01-21 40504]
S0 iaStorV;Intel RAID Controller Vista;c:\windows\system32\drivers\iastorv.sys [2008-01-21 235064]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-11-02 35944]
S0 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2008-01-21 96312]
S0 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2008-01-21 89656]
S0 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2008-01-21 96312]
S0 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2008-01-21 31288]
S0 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2008-01-21 105016]
S0 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2009-04-11 27112]
S0 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2008-01-21 94776]
S0 msisadrv;ISA/EISA Class Driver;c:\windows\system32\drivers\msisadrv.sys [2008-01-21 16440]
S0 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
S0 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2008-01-21 45112]
S0 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\system32\drivers\ql2300.sys [2008-01-21 1122360]
S0 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
S0 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2008-01-21 74808]
S0 spldr;Security Processor Loader Driver; [x]
S0 uliahci;uliahci;c:\windows\system32\drivers\uliahci.sys [2008-01-21 238648]
S0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-01-21 115816]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2008-01-21 52792]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-04-11 292840]
S0 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2008-01-21 130616]
S0 Wd;Microsoft Watchdog Timer Driver;c:\windows\system32\drivers\wd.sys [2008-01-21 22072]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-04-11 75264]
S1 nsiproxy;NSI proxy service;c:\windows\system32\drivers\nsiproxy.sys [2008-01-21 16384]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2008-01-21 6144]
S1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-04-11 66560]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2009-04-11 72192]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2008-01-21 84480]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2006-11-02 878080]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 slsvc;Software Licensing;c:\windows\system32\SLsvc.exe [2009-04-11 3408896]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-12-08 30720]
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-09-25 634880]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\DRIVERS\msiscsi.sys [2009-04-11 180712]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2008-01-21 41984]
S3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\DRIVERS\OA004Ufd.sys [2008-06-03 144672]
S3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\DRIVERS\OA004Vid.sys [2008-07-17 269760]
S3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-02-18 25088]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\DRIVERS\umbus.sys [2008-01-21 34816]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
GPSvcGroup REG_MULTI_SZ GPSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-21 c:\windows\Tasks\HPCeeScheduleForowner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-23 18:34]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{0E9F16EB-FCF2-4939-9D62-4B67B90C2EEF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/?lang=en-CA
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\7fpoh8d8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/?lang=en-CA
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-sacsvr
AddRemove-WinSS - c:\program files\Microsoft Windows OneCare Live\OCSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 20:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-09-21 20:47:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-21 23:47
ComboFix2.txt 2010-09-20 22:59

Pre-Run: 221,640,638,464 bytes free
Post-Run: 221,332,389,888 bytes free

- - End Of File - - 98DF900BA37BB2BFFF79717FCD9EF46A
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I assume it is still not running programs properly? Does it make a difference if you click directly on a .exe file or on a shortcut?

Ron
  • 0

#10
CaperEscort

CaperEscort

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
No, still the same problem. Shortcut or main file, no difference. Also noticed that wireless, if I right click on the icon in the task bar and click on connect to network, it freezes.
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
This might be a clue:

R3 MsRPC;MsRPC; [x]

Open a command prompt (Start, All Programs, Accessories, Command Prompt) and type:
cd  \

dir  /a  /s  msrpc.*

(This may take 10 minutes to complete.  Does it find anything?  There should be one in C:\windows\system32\drivers.  If not, does it find any others?  What directory and what date?)


(I use 2 spaces in the code box to show you where one goes.)
  • 0
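A small triage helper for the service section of a ComboFix log like the one above, added here as an example and not part of this thread or of ComboFix itself: it parses the `R#/S# name;display;image [date size]` lines and, as Ron does by eye with `R3 MsRPC;MsRPC; [x]`, lists entries whose binary ComboFix could not find, then the most recently dated binaries. The sample lines are constructed from this log; the R/S letter and digit are carried through as printed, without interpreting them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample in the format of the ComboFix service section above.
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
R4 nsi;Network Store Interface Service;c:\\windows\\system32\\svchost.exe [2008-01-21 21504]
R3 MsRPC;MsRPC; [x]
S0 spldr;Security Processor Loader Driver; [x]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\\windows\\system32\\drivers\\tcpipreg.sys [2009-12-08 30720]
S3 umbus;UMBus Enumerator Driver;c:\\windows\\system32\\DRIVERS\\umbus.sys [2008-01-21 34816]
"""

# One service/driver line: <R|S><digit> <name>;<display>;<image> [<date> <size>]
# When ComboFix cannot find the binary it prints "[x]" in place of "[date size]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<digit>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>[^\[]*?)\s*(?:\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]|\[x\])$"
)

@dataclass
class ServiceEntry:
    state: str            # "R" or "S" exactly as ComboFix printed it
    digit: int            # the digit after R/S, carried through unchanged
    name: str
    display: str
    image: Optional[str]  # None when the line ended in [x]
    date: Optional[str]
    size: Optional[int]

def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every well-formed service/driver line; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                m["state"], int(m["digit"]), m["name"], m["display"],
                m["image"] or None, m["date"],
                int(m["size"]) if m["size"] else None))
    return entries

def missing_image(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries still registered with the SCM whose binary was not found ([x])."""
    return [e for e in entries if e.image is None]

def newest_files(entries: List[ServiceEntry], n: int = 3) -> List[ServiceEntry]:
    """Entries with a found binary, newest file date first, for quick triage."""
    return sorted((e for e in entries if e.date), key=lambda e: e.date, reverse=True)[:n]
```

Run it over the whole service section of a log to get the same short list a helper would otherwise pick out by scrolling.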

#12
CaperEscort

CaperEscort

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OK, well, 3 files. One is c:\windows\system32\drivers, file is msrpc.sys 161752 bytes 11/04/2009

next was
c:\windows\winsxs\x86_microsoft-windows-rpc-kernel-31bf3856ad364e35_6.0.6001.18000_none_bf0c83d581e693ef
msrpc.sys 163384 bytes 20/01/2008


c:\windows\winsxs\x86_microsoft-windows-rpc-kernel-31bf3856ad364e35_6.0.6002.18005_none_c0f7fce17f085f3b
msrpc.sys 161752 bytes 11/04/2009
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I've been poking through the registry trying to find msrpc on my Vista. Near as I can tell the file is not running. There is an entry for it in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsRPC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsRPC]
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Tag"=dword:00000001
"Type"=dword:00000001

but it doesn't even have an Image value which is where they have the path to the file. What I'm thinking is that yours has the start value set to something other than 3. Perhaps you had some drive corruption.

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsRPC /s > junk.txt



Start, Programs, Accessories, then right click on Command Prompt and select Run As Administrator.

Right click and select Paste (or Edit then Paste). The line should appear. Hit Enter.

Now type:

notepad junk.txt

(SPACE before junk.txt)

Copy and Paste the result in a reply.

Ron
  • 0

#14
CaperEscort

CaperEscort

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Sorry about the delay, had a lot of school work due.





HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsRPC
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x3
Tag REG_DWORD 0x1
Type REG_DWORD 0x1
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Guess that wasn't it. Can you verify that you have

c:\windows\System32\Appinfo.dll

and c:\windows\System32\Consent.exe

Since this is Vista, when you click on a .exe which requires admin rights it calls first appinfo.dll, then Consent.exe, which brings up the little box to allow it to run.

You might also turn off UAC and see if that helps:
http://www.petri.co....ndows_vista.htm

Also let ESET scan your system. Will probably run all night:

Use IE or Firefox (If UAC is active, right click on it and Run As Administrator) and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Ron
  • 0