Cleaning up used laptop



#1
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi fellow members,

My mother gave me her old Vista laptop after she purchased her new Win7 laptop. I need to personalize it for myself, but first want to start by making sure there are no infections on it. It obviously hasn't been updated since July of 2010 and there are 53 updates that need to be installed, not including SP2, which was not listed in the available updates from MS when I checked for updates needed. I would also like to rid this laptop of all the preinstalled programs including the Pop games, etc., but I'd like to see how the professionals would go about this feat for educational purposes.

Only thing that I have changed since she gave it to me yesterday is that I installed HJT though I did not fix anything and updated Avast AV.

Could someone please look at the logs requested and guide me further. I'd really appreciate your help.

Thank you!

Donna :)


OTL logfile created on: 5/1/2011 12:14:08 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\anette\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.71 Gb Total Space | 95.58 Gb Free Space | 68.42% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.64 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: ANNETTA-PC | User Name: anette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 12:13:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anette\Downloads\OTL.exe
PRC - [2010/11/02 15:56:16 | 001,814,384 | ---- | M] () -- C:\Program Files\PopCap Games\Bejeweled 3\Bejeweled3.exe
PRC - [2010/06/11 19:47:04 | 000,108,544 | ---- | M] (iWin Inc.) -- C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/12 13:08:12 | 000,633,912 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwucli.exe
PRC - [2010/02/18 11:43:22 | 000,252,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jaucheck.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/16 09:48:30 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 12:13:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anette\Downloads\OTL.exe
MOD - [2008/01/20 21:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/07/16 09:48:30 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/26 01:26:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\ProgramData\iWin Games\firefox [2010/06/11 19:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 11:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/15 12:13:44 | 000,000,000 | ---D | M]

[2010/05/15 11:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anette\AppData\Roaming\mozilla\Extensions
[2011/05/01 12:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anette\AppData\Roaming\mozilla\Firefox\Profiles\k4gs6fiw.default\extensions
[2010/06/02 18:55:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\anette\AppData\Roaming\mozilla\Firefox\Profiles\k4gs6fiw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/15 12:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 12:13:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/15 12:13:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/15 12:07:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil9e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 75.105.128.61
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/26 01:01:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 12:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/01 12:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/05/01 11:58:05 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

========== Files - Modified Within 30 Days ==========

[2011/05/01 12:13:35 | 000,000,057 | ---- | M] () -- C:\Users\anette\Desktop\Geeks to Go! – Free help from tech experts.URL
[2011/05/01 12:13:12 | 000,000,552 | ---- | M] () -- C:\Users\anette\Desktop\OTL - Shortcut.lnk
[2011/05/01 12:07:05 | 000,001,874 | ---- | M] () -- C:\Users\anette\Desktop\HijackThis.lnk
[2011/05/01 12:04:32 | 000,000,058 | ---- | M] () -- C:\Users\anette\Desktop\Help2Go Forums.URL
[2011/05/01 11:46:22 | 000,000,048 | ---- | M] () -- C:\Users\anette\Desktop\Google.URL
[2011/05/01 11:35:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 11:35:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 11:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

========== Files Created - No Company Name ==========

[2011/05/01 12:13:35 | 000,000,057 | ---- | C] () -- C:\Users\anette\Desktop\Geeks to Go! – Free help from tech experts.URL
[2011/05/01 12:13:12 | 000,000,552 | ---- | C] () -- C:\Users\anette\Desktop\OTL - Shortcut.lnk
[2011/05/01 12:07:05 | 000,001,874 | ---- | C] () -- C:\Users\anette\Desktop\HijackThis.lnk
[2011/05/01 12:04:32 | 000,000,058 | ---- | C] () -- C:\Users\anette\Desktop\Help2Go Forums.URL
[2011/05/01 11:46:22 | 000,000,048 | ---- | C] () -- C:\Users\anette\Desktop\Google.URL
[2011/01/13 14:58:04 | 000,000,552 | ---- | C] () -- C:\Users\anette\AppData\Local\d3d8caps.dat
[2011/01/11 15:23:55 | 000,000,680 | ---- | C] () -- C:\Users\anette\AppData\Local\d3d9caps.dat
[2010/05/15 13:58:10 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/15 13:58:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/26 01:16:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/06/12 13:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 13:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 13:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 13:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/04 12:54:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,330,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
Doesn't look that bad. We'll go through the whole cleanup routine just to be sure.

You need to upgrade Avast to version 6.

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find, if any?

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
[2010/05/15 12:13:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [hpqSRMon] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered. OTL will reboot the PC when it is done.

Just removing some junk. These two lines:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
[2010/05/15 12:13:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
are from Java 6.20. Current is somewhere around 6.24 so we will be upgrading but Java is stupid and doesn't seem to know how to remove the old Java consoles so we will do it now. Having multiple consoles will slow down FF startup.

These two are remnants that are left over from removed software:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [hpqSRMon] File not found

(This one:
O4 - HKLM..\Run: [] File not found
refers to the default line. Best to leave it alone as some versions of OTL remove the whole run key if you try and clean it up)

I'm just being anal with these old javas. I just like clean OTL logs:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

Open OTL again and select the All option in the Extra Registry group. Since the laptop has sat so long I would like for you to change the File Age option from 30 days to 360, then hit the Run Scan button. Post the two logs it produces in your next reply.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator to start.

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


ComboFix

You must first uninstall AVG before running Combofix, then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on george and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

(I've been told that it's not necessary to rename combofix any more but I still do it.)

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan



On completion of the scan click Save Log, save it to your desktop and post in your next reply

Ron
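
The triage rules explained in the post above (orphaned BHO and Run entries are cleanup candidates, the unnamed default Run value is left alone, old Java plug-in registrations are removed), as an added example that is not part of the original thread and is not OTL's own code. The regular expressions assume the line layouts seen in this log, `current_java_update=24` comes from the post's "somewhere around 6.24", and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [hpqSRMon] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
"""

# Line layouts as they appear in this log (assumption: other OTL versions may differ).
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$"
)
DPF_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \S+ "
    r"\(Java Plug-in 1\.(?P<major>\d+)\.0_(?P<update>\d+)\)$"
)


def triage(log_text, current_java_update=24):
    """Return (action, reason, line) tuples for entries worth a second look.

    action is "fix" for a cleanup candidate and "keep" for an entry that
    looks broken but should be left alone.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = BHO_RE.match(line)
        if m:
            # A BHO whose CLSID no longer resolves is left over from
            # removed software.
            if m["target"].startswith("No CLSID value found"):
                findings.append(("fix", "orphan-bho", line))
            continue

        m = RUN_RE.match(line)
        if m:
            if m["target"] == "File not found":
                if m["name"] == "":
                    # The unnamed entry is the key's default value. The post
                    # warns that some OTL versions remove the whole Run key
                    # when asked to clean it, so it is never a candidate.
                    findings.append(("keep", "run-default-value", line))
                else:
                    findings.append(("fix", "orphan-run", line))
            continue

        m = DPF_RE.match(line)
        if m and int(m["update"]) < current_java_update:
            # Registration left behind by a Java update older than current.
            findings.append(("fix", "stale-java-dpf", line))
    return findings


def fix_candidates(log_text, current_java_update=24):
    """Only the lines a reviewer would consider pasting under :OTL."""
    return [line for action, _, line in triage(log_text, current_java_update)
            if action == "fix"]


if __name__ == "__main__":
    for action, reason, line in triage(SAMPLE_LOG):
        print(f"{action:4} {reason:18} {line}")
```

The output is a review list for a person to read before building a fix; entries that point at an existing file, such as the Adobe BHO, are not flagged because the log alone does not say whether they are wanted.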

#3
DonnaB

    Miss Congeniality

  • Topic Starter
  • GeekU Moderator
  • 8,529 posts
Hi RKinner,

I really appreciate your time. :unsure:

I didn't get an e-mail for your post! :yes: Lucky I checked to see if anyone posted.

"I'm just being anal with these old javas."


You can be as anal as you like! I like a clean machine. I have my pet peeves as well!

I was going to run JavaRa and delete all that stuff myself but felt it best to be guided by a professional so I could also learn from the experience first hand.

"are from Java 6.20. Current is somewhere around 6.24"


Thanks for the reminder! I need to update Java on my Gateway Laptop from 6.20 to 6.24 which is the current version.

Just upgraded to Avast 6 and I'll let it run overnight and finish with the rest tomorrow after work.

Would it be ok to add the 2 entries below to your fix above? I planned on uninstalling Adobe Reader and iWin and lots of other unnecessary stuff.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll ()

I'll post back as soon as I can with what Avast finds and the logs you requested.

Thank you kindly Sir!

Donna :)

#4
RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
I think Java just went to 6.25 today.

You can add the two lines. I was going to have you uninstall both programs anyway but was waiting to get the Extras log.

Ron

#5
DonnaB

    Miss Congeniality

  • Topic Starter
  • GeekU Moderator
  • 8,529 posts

"I think Java just went to 6.25 today"

Geezy petes! Updates come and go faster than a NY minute!

"I was going to have you uninstall both programs anyway but was waiting to get the Extras log."

Oh! Ok! Mea culpa! I messed up your game plan. Sorry. :) I'll steer while you give me the directions! No more back seat driving from this chickadee!

I keep getting popups for Avast! One telling me that Avast will expire in 15 days and the other telling me that Avast has updated. When you upgrade to a newer program version they overwrite themselves, don't they? That never happened on my other machine when I upgraded the Avast! :unsure:

Here are the logs you requested:

OTL logfile created on: 5/3/2011 6:32:51 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\anette\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.71 Gb Total Space | 93.71 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.64 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: ANNETTA-PC | User Name: anette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 12:13:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anette\Downloads\OTL.exe
PRC - [2011/04/18 12:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/11 19:47:04 | 000,108,544 | ---- | M] (iWin Inc.) -- C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/16 09:48:30 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/01/20 21:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 12:13:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\anette\Downloads\OTL.exe
MOD - [2011/04/18 12:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 12:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/07/16 09:48:30 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 12:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 12:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/26 01:26:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\ProgramData\iWin Games\firefox [2010/06/11 19:46:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 11:11:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/15 12:13:44 | 000,000,000 | ---D | M]

[2010/05/15 11:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anette\AppData\Roaming\mozilla\Extensions
[2011/05/02 22:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\anette\AppData\Roaming\mozilla\Firefox\Profiles\k4gs6fiw.default\extensions
[2010/06/02 18:55:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\anette\AppData\Roaming\mozilla\Firefox\Profiles\k4gs6fiw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/03 06:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/15 12:13:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/15 12:07:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk = C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe (iWin Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 75.105.128.61
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img21.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/26 01:01:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2011/05/03 06:18:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/03 00:29:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/05/03 00:29:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/05/02 22:15:00 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/02 22:14:44 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/02 21:55:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/05/02 21:54:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/05/02 21:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/05/02 21:52:47 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/05/02 21:52:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/05/02 21:52:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/05/02 21:52:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/05/02 21:52:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/05/02 21:52:44 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/05/02 21:52:44 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/05/02 21:52:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/05/02 21:52:44 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/05/02 21:52:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/05/02 21:52:36 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/05/02 21:52:36 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/05/02 21:52:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/05/02 21:52:35 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/05/02 21:52:35 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/05/01 20:12:03 | 000,000,000 | ---D | C] -- C:\Users\anette\Desktop\Tools
[2011/05/01 12:32:46 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/05/01 12:32:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/05/01 12:32:11 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/05/01 12:32:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/05/01 12:32:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/05/01 12:32:07 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/05/01 12:32:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/01 12:31:58 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/01 12:31:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/01 12:31:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/01 12:31:55 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/01 12:31:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/01 12:31:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/01 12:31:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/01 12:31:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/01 12:31:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/01 12:31:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/01 12:31:51 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/05/01 12:31:51 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/01 12:31:51 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/01 12:31:51 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/01 12:31:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/01 12:31:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/01 12:27:47 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/01 12:27:47 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/01 12:27:11 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/05/01 12:27:11 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/05/01 12:27:07 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/05/01 12:26:47 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/05/01 12:26:24 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/05/01 12:26:06 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/05/01 12:25:47 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/05/01 12:24:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/05/01 12:24:19 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/01 12:24:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/01 12:24:09 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/05/01 12:24:08 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/05/01 12:23:51 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/05/01 12:18:46 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/05/01 12:18:38 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/05/01 12:18:38 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/05/01 12:18:38 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/05/01 12:18:38 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/05/01 12:18:22 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/05/01 12:18:22 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/05/01 12:18:22 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/05/01 12:17:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/05/01 12:17:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/05/01 12:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/01 12:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/01/08 10:49:12 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Local\PopCap Games
[2010/08/14 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\CyberLink
[2010/08/14 20:05:00 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/08/14 20:04:59 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/08/14 20:04:59 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/08/14 20:04:59 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/08/14 20:04:59 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/08/14 20:04:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ENU
[2010/08/14 20:04:58 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Local\QuickPlay
[2010/06/27 09:45:45 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/27 09:45:45 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/27 09:45:45 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/12 14:10:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/06/12 14:10:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/06/11 19:47:15 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\iWinArcade
[2010/06/11 19:46:39 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\iWin
[2010/06/11 19:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[2010/06/11 19:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin Games
[2010/06/11 19:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin Games
[2010/06/11 19:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2010/06/11 19:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\iWin.com Games
[2010/06/11 13:10:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/11 13:10:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/06/08 17:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2010/06/08 17:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/06/08 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/06/02 20:38:20 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Local\Microsoft Games
[2010/06/02 18:38:27 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\HpUpdate
[2010/06/02 18:38:25 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010/05/15 13:58:10 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/05/15 13:58:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/05/15 13:58:08 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/05/15 13:58:08 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/05/15 13:58:08 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/05/15 13:58:08 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/05/15 13:58:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/05/15 13:58:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/05/15 13:58:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/05/15 13:58:07 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/05/15 13:58:07 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/05/15 13:58:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/05/15 13:58:07 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/05/15 13:58:07 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/05/15 13:58:07 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/05/15 13:58:07 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/05/15 13:58:07 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/05/15 13:58:06 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/05/15 13:58:06 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/05/15 13:58:06 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/05/15 13:58:06 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/05/15 13:58:06 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/05/15 13:58:06 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/05/15 13:41:36 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/05/15 13:41:36 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/05/15 13:41:36 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/05/15 13:41:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/05/15 13:41:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/05/15 13:41:36 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/05/15 13:41:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/05/15 13:41:35 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/15 13:41:35 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/05/15 13:41:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/05/15 13:41:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/05/15 13:41:34 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/05/15 13:41:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/05/15 13:41:34 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/05/15 13:41:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/05/15 13:41:33 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/15 13:41:33 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/05/15 13:41:32 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/05/15 13:41:32 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/05/15 13:41:32 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/05/15 13:41:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/05/15 13:41:32 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/05/15 13:41:32 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/05/15 13:16:08 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/05/15 13:16:07 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/05/15 13:16:06 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/05/15 13:16:05 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/05/15 13:16:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/05/15 13:16:03 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/05/15 13:09:24 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/15 13:06:22 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/05/15 13:06:17 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/05/15 13:04:55 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/15 13:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/15 13:00:25 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/05/15 13:00:24 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/05/15 12:59:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/05/15 12:59:03 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/05/15 12:58:52 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/05/15 12:58:51 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/05/15 12:58:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/05/15 12:58:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/05/15 12:58:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/05/15 12:58:50 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/05/15 12:58:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/05/15 12:58:08 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/05/15 12:58:06 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/05/15 12:57:53 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/05/15 12:56:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/05/15 12:56:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/05/15 12:56:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/05/15 12:56:06 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/05/15 12:55:54 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/05/15 12:55:54 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/05/15 12:55:54 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/05/15 12:55:54 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/05/15 12:55:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/05/15 12:55:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/05/15 12:55:54 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/05/15 12:55:18 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/05/15 12:55:18 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/05/15 12:55:17 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/05/15 12:55:17 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/05/15 12:55:17 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/05/15 12:55:17 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/05/15 12:55:16 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/05/15 12:55:16 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/05/15 12:55:15 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/05/15 12:55:12 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/05/15 12:55:05 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/05/15 12:55:05 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/05/15 12:55:05 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/05/15 12:55:01 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/05/15 12:55:01 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/05/15 12:54:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/05/15 12:54:42 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/05/15 12:54:40 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/05/15 12:54:35 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/05/15 12:54:34 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/05/15 12:54:26 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/05/15 12:54:26 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/05/15 12:54:23 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/05/15 12:54:16 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/05/15 12:54:06 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/05/15 12:53:59 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/05/15 12:53:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/05/15 12:53:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/05/15 12:53:56 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/05/15 12:53:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/05/15 12:53:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/05/15 12:53:44 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/05/15 12:53:41 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/15 12:52:58 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/05/15 12:52:58 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/05/15 12:52:56 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/05/15 12:52:50 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/05/15 12:49:20 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/05/15 12:48:56 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/05/15 12:48:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/05/15 12:48:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/05/15 12:48:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/05/15 12:37:40 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/05/15 12:37:40 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/15 12:37:40 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/05/15 12:37:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/15 12:36:41 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/05/15 12:34:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/05/15 12:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/05/15 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\OpenOffice.org
[2010/05/15 12:26:05 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Defraggler
[2010/05/15 12:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/05/15 12:23:04 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
[2010/05/15 12:22:58 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2010/05/15 12:22:58 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2010/05/15 12:22:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/05/15 12:22:57 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/15 12:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2010/05/15 12:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2010/05/15 12:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/05/15 12:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/15 12:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/15 12:21:37 | 000,123,904 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/05/15 12:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/15 12:21:21 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/15 12:21:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/15 12:21:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/15 12:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/05/15 12:19:51 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/05/15 12:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/15 12:18:12 | 000,909,824 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010/05/15 12:18:12 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2010/05/15 12:18:12 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2010/05/15 12:18:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2010/05/15 12:18:11 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2010/05/15 12:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/05/15 12:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2010/05/15 12:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/05/15 12:17:26 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/15 12:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/15 12:13:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/15 12:11:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/15 12:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2010/05/15 12:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/05/15 11:47:55 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/15 11:47:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2010/05/15 11:47:54 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/15 11:47:54 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/15 11:47:53 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/15 11:47:51 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/15 11:46:23 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/15 11:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/15 11:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/15 11:30:19 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\WildTangent
[2010/05/15 11:16:07 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2010/05/15 11:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/15 11:14:22 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2010/05/15 11:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/05/15 11:11:53 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Macromedia
[2010/05/15 11:11:29 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Mozilla
[2010/05/15 11:11:29 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Local\Mozilla
[2010/05/15 11:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2010/05/15 11:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/15 11:10:24 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/15 11:10:23 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/15 11:10:10 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/15 11:10:10 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/15 11:10:10 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/15 11:09:53 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/15 11:09:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/15 11:09:52 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Adobe
[2010/05/15 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Hewlett-Packard
[2010/05/15 11:06:07 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Symantec
[2010/05/15 11:05:27 | 000,000,000 | R--D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2010/05/15 11:05:27 | 000,000,000 | R--D | C] -- C:\Users\anette\Searches
[2010/05/15 11:05:27 | 000,000,000 | R--D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2010/05/15 11:05:20 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Identities
[2010/05/15 11:05:17 | 000,000,000 | R--D | C] -- C:\Users\anette\Contacts
[2010/05/15 11:05:15 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Local\VirtualStore
[2010/05/15 11:00:08 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\HP TCS
[2010/05/15 10:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2010/05/15 10:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/05/15 10:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2010/05/15 10:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2010/05/15 10:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2010/05/15 10:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/05/15 10:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\AppData\Local\Temporary Internet Files
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Templates
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Start Menu
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\SendTo
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Recent
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\PrintHood
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\NetHood
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Documents\My Videos
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Documents\My Pictures
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Documents\My Music
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\My Documents
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Local Settings
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\AppData\Local\History
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Cookies
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\Application Data
[2010/05/15 10:56:15 | 000,000,000 | -HSD | C] -- C:\Users\anette\AppData\Local\Application Data
[2010/05/15 10:56:14 | 000,000,000 | --SD | C] -- C:\Users\anette\AppData\Roaming\Microsoft
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Videos
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Saved Games
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Pictures
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Music
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Links
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Favorites
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Downloads
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Documents
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\Desktop
[2010/05/15 10:56:14 | 000,000,000 | R--D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2010/05/15 10:56:14 | 000,000,000 | -H-D | C] -- C:\Users\anette\AppData
[2010/05/15 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Local\Temp
[2010/05/15 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Local\Microsoft
[2010/05/15 10:56:14 | 000,000,000 | ---D | C] -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

========== Files - Modified Within 360 Days ==========

[2011/05/03 06:35:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/03 06:35:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/03 06:21:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 06:21:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 06:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/03 06:20:40 | 2075,340,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 22:47:24 | 000,330,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/02 22:14:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/01 20:12:58 | 000,000,057 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Geeks to Go! – Free help from tech experts.URL
[2011/05/01 20:12:51 | 000,000,058 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Help2Go Forums.URL
[2011/05/01 20:12:36 | 000,000,048 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.URL
[2011/05/01 20:11:21 | 000,001,849 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mah Jong Quest III.lnk
[2011/05/01 20:10:30 | 000,001,014 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Bejeweled 3.lnk
[2011/05/01 20:10:19 | 000,001,077 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Bejeweled 2 Deluxe.lnk
[2011/05/01 20:07:28 | 000,001,889 | ---- | M] () -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
[2011/05/01 12:13:12 | 000,000,552 | ---- | M] () -- C:\Users\anette\Desktop\OTL - Shortcut.lnk
[2011/04/18 12:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 12:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 12:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 12:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 12:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 12:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 12:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 12:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/03/10 11:12:54 | 001,161,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/03/10 11:12:54 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/03/08 14:52:08 | 000,000,680 | ---- | M] () -- C:\Users\anette\AppData\Local\d3d9caps.dat
[2011/03/03 09:56:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/03/03 08:01:01 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/03/03 07:53:48 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/22 01:18:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/22 01:17:37 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/22 01:17:37 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/22 01:17:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/22 01:16:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/22 01:16:53 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/22 01:16:40 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/22 01:16:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/22 01:16:40 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/22 01:16:39 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/22 01:16:39 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/22 01:16:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/22 00:20:39 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/21 23:43:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/21 23:43:42 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/21 23:43:04 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/21 23:42:38 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/17 01:23:50 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/17 01:19:43 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/16 10:29:56 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/16 08:24:56 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/02 18:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/01/13 14:58:04 | 000,000,552 | ---- | M] () -- C:\Users\anette\AppData\Local\d3d8caps.dat
[2010/12/29 12:41:21 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010/12/29 12:39:28 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/12/28 09:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/12/14 10:49:30 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/11/06 06:10:29 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/11/06 06:10:13 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/11/06 06:10:13 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/10/28 07:56:58 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/18 09:01:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/10/15 09:08:12 | 003,600,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/15 09:08:12 | 003,548,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/09/20 04:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/09/10 11:37:06 | 008,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/09/06 11:23:14 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/08/31 10:41:42 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/08/31 10:41:42 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/08/26 11:07:25 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/08/20 10:21:02 | 000,866,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/08/14 20:05:00 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010/08/14 20:05:00 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010/08/14 20:04:59 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010/08/14 20:04:59 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010/08/14 20:04:59 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010/06/18 11:43:54 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/06/16 10:12:25 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/27 14:16:09 | 000,081,920 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/05/15 14:25:16 | 000,000,943 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/15 12:51:21 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/05/15 12:27:40 | 000,014,602 | ---- | M] () -- C:\Windows\System32\results.xml
[2010/05/15 12:21:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/05/15 12:13:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/15 12:13:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/15 12:13:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/15 12:13:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/15 11:14:22 | 000,001,057 | ---- | M] () -- C:\Users\anette\Desktop\Revo Uninstaller.lnk
[2010/05/15 11:11:14 | 000,001,748 | ---- | M] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/15 11:05:57 | 000,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/15 11:05:08 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2010/05/15 11:00:01 | 000,000,366 | -H-- | M] () -- C:\IPH.PH
[2010/05/15 10:57:14 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ50 Notebook PC_Y5335KV_0U_Q2CE836QHVB_E497021-001_4A_I360B_SWistron_V09.41_F.24_T080813_WV2-1_L409_M1979_J160_7Intel_86FD_92.00_#100515_N10EC8136;168C001C_(FR972UA#ABA)_XMOBILE_CN10_Z.MRK

========== Files Created - No Company Name ==========

[2011/05/02 21:52:38 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/05/02 21:52:38 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/05/02 21:52:38 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/05/01 20:12:58 | 000,000,057 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Geeks to Go! – Free help from tech experts.URL
[2011/05/01 20:12:51 | 000,000,058 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Help2Go Forums.URL
[2011/05/01 20:12:36 | 000,000,048 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Google.URL
[2011/05/01 20:11:21 | 000,001,849 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mah Jong Quest III.lnk
[2011/05/01 20:10:30 | 000,001,014 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Bejeweled 3.lnk
[2011/05/01 20:10:19 | 000,001,077 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Bejeweled 2 Deluxe.lnk
[2011/05/01 12:13:12 | 000,000,552 | ---- | C] () -- C:\Users\anette\Desktop\OTL - Shortcut.lnk
[2011/01/13 14:58:04 | 000,000,552 | ---- | C] () -- C:\Users\anette\AppData\Local\d3d8caps.dat
[2011/01/11 15:23:55 | 000,000,680 | ---- | C] () -- C:\Users\anette\AppData\Local\d3d9caps.dat
[2010/06/11 19:47:04 | 000,001,889 | ---- | C] () -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
[2010/05/15 13:58:10 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/15 13:58:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/15 13:58:07 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/05/15 13:42:44 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/15 12:55:06 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/05/15 12:33:25 | 000,000,284 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/15 12:33:23 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2010/05/15 12:27:40 | 000,014,602 | ---- | C] () -- C:\Windows\System32\results.xml
[2010/05/15 12:26:42 | 2075,340,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/15 12:21:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/05/15 11:14:22 | 000,001,057 | ---- | C] () -- C:\Users\anette\Desktop\Revo Uninstaller.lnk
[2010/05/15 11:11:14 | 000,001,748 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/15 11:09:04 | 000,000,943 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/05/15 11:05:28 | 000,000,949 | ---- | C] () -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2010/05/15 11:05:26 | 000,000,944 | ---- | C] () -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2010/05/15 11:05:17 | 000,000,915 | ---- | C] () -- C:\Users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2010/05/15 11:05:08 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2010/05/15 10:58:56 | 000,000,366 | -H-- | C] () -- C:\IPH.PH
[2010/05/15 10:58:51 | 000,002,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken Financial Center.lnk
[2010/05/15 10:58:51 | 000,002,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2010/05/15 10:58:51 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2010/05/15 10:57:14 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ50 Notebook PC_Y5335KV_0U_Q2CE836QHVB_E497021-001_4A_I360B_SWistron_V09.41_F.24_T080813_WV2-1_L409_M1979_J160_7Intel_86FD_92.00_#100515_N10EC8136;168C001C_(FR972UA#ABA)_XMOBILE_CN10_Z.MRK
[2010/05/15 10:56:14 | 000,000,258 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/05/15 10:56:14 | 000,000,240 | ---- | C] () -- C:\Users\anette\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2008/07/26 01:16:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/06/12 13:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/12 13:41:20 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/06/12 13:41:18 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/12 13:41:18 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/06/04 12:54:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,330,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >


OTL Extras logfile created on: 5/3/2011 6:32:51 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\anette\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.71 Gb Total Space | 93.71 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 1.64 Gb Free Space | 17.57% Space Free | Partition Type: NTFS

Computer Name: ANNETTA-PC | User Name: anette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09FF59BE-8AC9-4B43-942C-0DDEC91F5514}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D7FC556-F353-4B9B-AF5E-BBEE196733A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3C19F8B9-8C90-4C24-8546-D5D7D3AB4734}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AAF9D36-F508-47B8-B726-FA98DC16AB2C}" = lport=445 | protocol=6 | dir=in | app=system |
"{5063D835-DA36-435A-88EA-DBB71927F480}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{621C298F-33ED-4678-9D03-3C8FB94439F9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{62D6879A-905D-4389-8233-895B3EC198DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A5E65FE-6B5E-4F9E-8DE6-07973C96C11B}" = lport=138 | protocol=17 | dir=in | app=system |
"{6EEDD4B2-DC60-4B37-A953-092C787BDEF8}" = rport=139 | protocol=6 | dir=out | app=system |
"{886C0D06-B9D7-46C2-9B09-522CE84B1C30}" = rport=137 | protocol=17 | dir=out | app=system |
"{932F0CF6-A42C-4A4D-AEC2-2F201F362C9E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C234082-BC07-48B2-BE09-62D93C4107D8}" = lport=137 | protocol=17 | dir=in | app=system |
"{ABE0EE4B-A931-4088-97EF-56357A5BF52E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B963BA48-B55D-4B68-8F22-C5EDD3BDB5DA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BC65E79C-9B39-4ECB-88BC-5619ECD7CE9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4B53C6E-07DD-422A-9533-AC398F3888CC}" = rport=138 | protocol=17 | dir=out | app=system |
"{D9C4715A-624B-441A-8E46-A460CDB5D2F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB574006-ED74-455E-9ACE-CD1D81A25CCC}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C8C8D18-6DF0-4C2D-9BCE-92F812D8F724}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3D4D6EE7-F490-4751-B552-671C2E5BEC9A}" = protocol=58 | dir=out | [email protected],-28546 |
"{49285A29-F55F-4C45-88FA-71579DF1FEB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4A895D4B-50FF-40C9-AF5C-2FD3848B47E3}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{5891AEA5-BDC1-4112-9F7C-4595CF1C2A4E}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{620A8908-BCC6-469B-9E3B-44D042C62D60}" = protocol=1 | dir=out | [email protected],-28544 |
"{737176BF-C763-4CC2-B912-DCBCF58C0244}" = protocol=58 | dir=in | [email protected],-28545 |
"{880AA6DE-1C3E-499E-BE84-F1158C0E778B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8F12F9D3-7DCC-4A3E-A382-4908065B56FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{926F2246-DC26-4C54-B7A0-2536A5EFCC6F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{9592638A-E445-4251-BD6A-D061BDC7C933}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{986BB815-06F7-41C5-A1AF-2A42401C2EF8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C03A3380-8319-4EBD-9329-F864743BEC1A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{C8F554C7-B099-4399-813F-8A2B38A79F77}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{DFBAB6D4-6AD9-49C4-8F23-A9F1E0220933}" = protocol=1 | dir=in | [email protected],-28543 |
"{F7111C6F-7D13-4195-B94F-13EF9B13EF8B}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"avast" = avast! Free Antivirus
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"Bejeweled 3" = Bejeweled 3
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"iWinArcade" = iWin Games (remove only)
"Mah Jong Quest III" = Mah Jong Quest III (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Revo Uninstaller" = Revo Uninstaller 1.88
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6497

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

5/3/2011 5:27:55 PM
mbam-log-2011-05-03 (17-27-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 306526
Time elapsed: 57 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 11-05-02.04 - anette 05/03/2011 17:42:21.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.935 [GMT -5:00]
Running from: c:\users\anette\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_iWinGamesInstaller
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 22:50 . 2011-05-03 22:53 -------- d-----w- c:\users\anette\AppData\Local\temp
2011-05-03 22:50 . 2011-05-03 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-03 11:48 . 2011-05-03 11:48 -------- d-----w- c:\users\anette\AppData\Roaming\Malwarebytes
2011-05-03 11:48 . 2011-05-03 11:48 -------- d-----w- c:\programdata\Malwarebytes
2011-05-03 11:48 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-03 11:48 . 2011-05-03 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-03 11:48 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 11:18 . 2011-05-03 11:18 -------- d-----w- C:\_OTL
2011-05-03 07:14 . 2011-04-18 14:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{134DD90E-63BF-4BB1-8CDD-3245784A19AF}\mpengine.dll
2011-05-03 05:29 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-03 05:29 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-03 03:15 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-03 03:14 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-03 02:55 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-05-01 17:27 . 2011-02-22 12:52 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-01 17:27 . 2011-02-22 12:52 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-01 17:27 . 2011-02-22 12:51 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-01 17:27 . 2011-02-22 12:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-01 17:27 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-01 17:27 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-01 17:27 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-05-01 17:27 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-01 17:27 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-05-01 17:27 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-05-01 17:25 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-05-01 17:25 . 2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-05-01 17:25 . 2010-06-17 15:49 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-05-01 17:24 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-05-01 17:24 . 2011-03-03 15:00 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-01 17:24 . 2011-02-17 06:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-01 17:24 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-01 17:24 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-05-01 17:23 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-05-01 17:18 . 2010-08-20 15:21 866816 ----a-w- c:\windows\system32\wmpmde.dll
2011-05-01 17:18 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-05-01 17:18 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-05-01 17:18 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-05-01 17:18 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-05-01 17:18 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-01 17:18 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2011-05-01 17:18 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-05-01 17:18 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-05-01 17:18 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-05-01 17:17 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2011-05-01 17:17 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2011-05-01 17:17 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-01 17:17 . 2011-03-03 10:49 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-01 17:16 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-05-01 17:16 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-05-01 17:16 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-01 17:16 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-05-01 17:07 . 2011-05-01 17:07 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:25 . 2010-05-15 16:46 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-18 17:17 . 2010-05-15 16:47 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-18 17:16 . 2010-05-15 16:47 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-18 17:13 . 2010-05-15 16:47 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-18 17:13 . 2010-05-15 16:47 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-18 17:12 . 2010-05-15 16:47 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-03 14:56 . 2011-05-03 05:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-05-03 05:29 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-05-03 05:29 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-05-03 05:29 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-02 23:11 . 2010-05-15 18:04 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
.
c:\users\anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\programdata\iWin Games\DesktopAlerts\DesktopAlerts.exe [2010-6-11 108544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-12 22:10 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-06-12 05:17 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
FF - ProfilePath - c:\users\anette\AppData\Roaming\Mozilla\Firefox\Profiles\k4gs6fiw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 17:53
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2208)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-05-03 17:58:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-03 22:58
.
Pre-Run: 100,466,229,248 bytes free
Post-Run: 100,090,404,864 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 554643E98F1F78302A19BF8F769AD5C9



2011/05/03 18:01:45.0705 3716 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 18:01:47.0717 3716 ================================================================================
2011/05/03 18:01:47.0717 3716 SystemInfo:
2011/05/03 18:01:47.0717 3716
2011/05/03 18:01:47.0717 3716 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/03 18:01:47.0717 3716 Product type: Workstation
2011/05/03 18:01:47.0717 3716 ComputerName: ANNETTA-PC
2011/05/03 18:01:47.0717 3716 UserName: anette
2011/05/03 18:01:47.0717 3716 Windows directory: C:\Windows
2011/05/03 18:01:47.0717 3716 System windows directory: C:\Windows
2011/05/03 18:01:47.0717 3716 Processor architecture: Intel x86
2011/05/03 18:01:47.0717 3716 Number of processors: 1
2011/05/03 18:01:47.0717 3716 Page size: 0x1000
2011/05/03 18:01:47.0717 3716 Boot type: Normal boot
2011/05/03 18:01:47.0717 3716 ================================================================================
2011/05/03 18:01:48.0029 3716 Initialize success
2011/05/03 18:01:55.0424 1444 ================================================================================
2011/05/03 18:01:55.0439 1444 Scan started
2011/05/03 18:01:55.0439 1444 Mode: Manual;
2011/05/03 18:01:55.0439 1444 ================================================================================
2011/05/03 18:02:07.0264 1444 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/03 18:02:07.0342 1444 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/03 18:02:07.0405 1444 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/03 18:02:07.0498 1444 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/03 18:02:07.0623 1444 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/03 18:02:07.0982 1444 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/03 18:02:08.0309 1444 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/03 18:02:08.0465 1444 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/03 18:02:08.0606 1444 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/03 18:02:08.0653 1444 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/03 18:02:08.0746 1444 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/03 18:02:09.0027 1444 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/03 18:02:09.0152 1444 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/03 18:02:09.0292 1444 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/03 18:02:09.0386 1444 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/03 18:02:09.0526 1444 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/03 18:02:09.0698 1444 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/03 18:02:09.0916 1444 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/03 18:02:09.0963 1444 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/03 18:02:10.0025 1444 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/03 18:02:10.0197 1444 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/03 18:02:10.0259 1444 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/03 18:02:10.0384 1444 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/03 18:02:10.0509 1444 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/03 18:02:10.0681 1444 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/03 18:02:10.0821 1444 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/03 18:02:11.0071 1444 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/03 18:02:11.0445 1444 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/03 18:02:11.0617 1444 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/03 18:02:11.0913 1444 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/03 18:02:12.0007 1444 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/03 18:02:12.0069 1444 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/03 18:02:12.0272 1444 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/03 18:02:12.0537 1444 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/03 18:02:12.0771 1444 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/03 18:02:12.0849 1444 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/03 18:02:12.0943 1444 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/03 18:02:13.0052 1444 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/03 18:02:13.0114 1444 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/03 18:02:13.0208 1444 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/03 18:02:13.0255 1444 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/03 18:02:13.0317 1444 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/03 18:02:13.0411 1444 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/03 18:02:13.0457 1444 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/03 18:02:13.0645 1444 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/03 18:02:13.0707 1444 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/03 18:02:13.0785 1444 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/03 18:02:14.0081 1444 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/03 18:02:14.0191 1444 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/03 18:02:14.0253 1444 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/03 18:02:14.0362 1444 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/05/03 18:02:14.0440 1444 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/03 18:02:14.0503 1444 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/03 18:02:14.0565 1444 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/03 18:02:14.0721 1444 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/03 18:02:15.0017 1444 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/03 18:02:15.0220 1444 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/03 18:02:15.0454 1444 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/03 18:02:15.0688 1444 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/03 18:02:15.0844 1444 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/03 18:02:15.0938 1444 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/03 18:02:16.0063 1444 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/03 18:02:16.0203 1444 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/03 18:02:16.0265 1444 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/03 18:02:16.0421 1444 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/03 18:02:16.0546 1444 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/03 18:02:16.0593 1444 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/03 18:02:16.0702 1444 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/03 18:02:16.0765 1444 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/03 18:02:16.0827 1444 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/03 18:02:16.0905 1444 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/03 18:02:16.0936 1444 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/03 18:02:17.0045 1444 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/03 18:02:17.0123 1444 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/03 18:02:17.0186 1444 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/03 18:02:17.0264 1444 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/03 18:02:17.0326 1444 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/03 18:02:17.0545 1444 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/03 18:02:17.0654 1444 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/03 18:02:17.0794 1444 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/03 18:02:17.0919 1444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/03 18:02:18.0013 1444 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/03 18:02:18.0059 1444 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/03 18:02:18.0137 1444 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/03 18:02:18.0247 1444 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/03 18:02:18.0293 1444 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/03 18:02:18.0356 1444 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/03 18:02:18.0403 1444 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/03 18:02:18.0465 1444 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/03 18:02:18.0527 1444 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/03 18:02:18.0637 1444 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/03 18:02:18.0730 1444 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/03 18:02:18.0886 1444 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/03 18:02:19.0011 1444 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/03 18:02:19.0073 1444 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/03 18:02:19.0183 1444 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/03 18:02:19.0307 1444 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/03 18:02:19.0385 1444 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/03 18:02:19.0448 1444 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/03 18:02:19.0510 1444 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/03 18:02:19.0619 1444 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/03 18:02:19.0775 1444 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/05/03 18:02:19.0869 1444 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/03 18:02:19.0963 1444 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/03 18:02:20.0025 1444 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/03 18:02:20.0134 1444 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/03 18:02:20.0243 1444 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/03 18:02:20.0306 1444 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/03 18:02:20.0493 1444 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/03 18:02:20.0571 1444 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/03 18:02:20.0633 1444 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/03 18:02:20.0696 1444 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/03 18:02:20.0774 1444 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/03 18:02:20.0852 1444 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/03 18:02:20.0899 1444 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/03 18:02:21.0023 1444 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/03 18:02:21.0086 1444 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/03 18:02:21.0242 1444 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/03 18:02:21.0367 1444 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/03 18:02:21.0445 1444 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/03 18:02:21.0569 1444 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/03 18:02:21.0632 1444 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/03 18:02:21.0694 1444 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/03 18:02:21.0757 1444 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/03 18:02:21.0819 1444 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/03 18:02:21.0881 1444 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/03 18:02:21.0959 1444 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/03 18:02:22.0022 1444 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/03 18:02:22.0084 1444 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/03 18:02:22.0131 1444 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/03 18:02:22.0287 1444 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/03 18:02:22.0396 1444 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/03 18:02:22.0474 1444 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/03 18:02:22.0537 1444 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/03 18:02:22.0583 1444 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/03 18:02:22.0646 1444 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/03 18:02:22.0708 1444 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 18:02:22.0755 1444 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 18:02:22.0880 1444 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/03 18:02:22.0989 1444 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/03 18:02:23.0207 1444 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/03 18:02:23.0426 1444 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/03 18:02:23.0535 1444 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/03 18:02:23.0691 1444 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/03 18:02:23.0769 1444 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/03 18:02:23.0909 1444 ================================================================================
2011/05/03 18:02:23.0909 1444 Scan finished
2011/05/03 18:02:23.0909 1444 ================================================================================
2011/05/03 18:03:56.0660 2416 Deinitialize success





[ Application Events ]
Error - 2/16/2011 7:29:00 PM | Computer Name = annetta-PC | Source = RasClient | ID = 20227
Description =

Error - 2/16/2011 10:44:46 PM | Computer Name = annetta-PC | Source = RasClient | ID = 20227
Description =

Error - 2/16/2011 10:45:54 PM | Computer Name = annetta-PC | Source = RasClient | ID = 20227
Description =

Error - 2/16/2011 10:47:03 PM | Computer Name = annetta-PC | Source = RasClient | ID = 20227
Description =

Error - 2/16/2011 10:48:12 PM | Computer Name = annetta-PC | Source = RasClient | ID = 20227
Description =

Error - 2/17/2011 10:54:24 AM | Computer Name = annetta-PC | Source = RasClient | ID = 20227
Description =

Error - 5/2/2011 10:49:03 PM | Computer Name = annetta-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/2/2011 11:48:33 PM | Computer Name = annetta-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2011 12:34:58 AM | Computer Name = annetta-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/3/2011 1:23:14 AM | Computer Name = annetta-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/2/2011 10:47:56 PM | Computer Name = annetta-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 5/2/2011 10:48:03 PM | Computer Name = annetta-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
address 00234D192C06 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/2/2011 10:48:10 PM | Computer Name = annetta-PC | Source = HTTP | ID = 15016
Description =

Error - 5/2/2011 10:48:17 PM | Computer Name = annetta-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{6CD6FAE2-4A87-47C7-9F72-64F67C1420E8}
because another computer on the network has the same name. The server could not
start.

Error - 5/2/2011 10:48:17 PM | Computer Name = annetta-PC | Source = netbt | ID = 4321
Description = The name "ANNETTA-PC :20" could not be registered on the interface
with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 5/2/2011 10:48:20 PM | Computer Name = annetta-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{6CD6FAE2-4A87-47C7-9F72-64F67C1420E8}
because another computer on the network has the same name. The server could not
start.

Error - 5/2/2011 10:48:20 PM | Computer Name = annetta-PC | Source = netbt | ID = 4321
Description = The name "ANNETTA-PC :0" could not be registered on the interface
with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 5/2/2011 10:48:20 PM | Computer Name = annetta-PC | Source = netbt | ID = 4321
Description = The name "ANNETTA-PC :0" could not be registered on the interface
with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 5/2/2011 10:48:20 PM | Computer Name = annetta-PC | Source = netbt | ID = 4321
Description = The name "ANNETTA-PC :20" could not be registered on the interface
with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 5/2/2011 10:49:04 PM | Computer Name = annetta-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-03 18:52:40
-----------------------------
18:52:40.817 OS Version: Windows 6.0.6001 Service Pack 1
18:52:40.817 Number of processors: 1 586 0xF0D
18:52:40.832 ComputerName: ANNETTA-PC UserName: anette
18:52:47.119 Initialize success
18:52:50.988 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:52:50.988 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
18:52:53.016 Disk 0 MBR read successfully
18:52:53.032 Disk 0 MBR scan
18:52:53.032 Disk 0 unknown MBR code
18:52:55.044 Disk 0 scanning sectors +312573952
18:52:55.075 Disk 0 scanning C:\Windows\system32\drivers
18:52:58.850 Service scanning
18:53:00.488 Disk 0 trace - called modules:
18:53:00.520 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys
18:53:00.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ed2688]
18:53:00.535 3 CLASSPNP.SYS[805e3745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e0d030]
18:53:00.535 Scan finished successfully
18:53:24.965 Disk 0 MBR has been saved successfully to "C:\Users\anette\Desktop\MBR.dat"
18:53:24.980 The log file has been saved successfully to "C:\Users\anette\Desktop\aswMBR.txt"
  • 0
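Added example, not part of the original post: a Python parser for the event section of the report above. It rejoins the wrapped Description lines, counts repeats per log, source and ID, and pulls the two IP addresses out of the netbt 4321 entries, which shows that every name-registration failure points at the same host already holding this computer name on the LAN. The function names are illustrative, and the sample is an excerpt copied from the report.

```python
import re
from collections import Counter, defaultdict

# Excerpt copied from the [ Application Events ] / [ System Events ] section above.
SAMPLE = r'''[ Application Events ]
Error - 2/16/2011 7:29:00 PM | Computer Name = annetta-PC | Source = RasClient | ID = 20227
Description =

Error - 5/2/2011 10:49:03 PM | Computer Name = annetta-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/2/2011 10:48:03 PM | Computer Name = annetta-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
address 00234D192C06 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/2/2011 10:48:17 PM | Computer Name = annetta-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{6CD6FAE2-4A87-47C7-9F72-64F67C1420E8}
because another computer on the network has the same name. The server could not
start.

Error - 5/2/2011 10:48:17 PM | Computer Name = annetta-PC | Source = netbt | ID = 4321
Description = The name "ANNETTA-PC :20" could not be registered on the interface
with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

Error - 5/2/2011 10:48:20 PM | Computer Name = annetta-PC | Source = netbt | ID = 4321
Description = The name "ANNETTA-PC :0" could not be registered on the interface
with IP address 192.168.1.105. The computer with the IP address 192.168.1.103 did
not allow the name to be claimed by this computer.

< End of report >
'''

SECTION = re.compile(r'^\[ (?P<name>.+?) \]\s*$')
HEADER = re.compile(
    r'^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.*?)'
    r' \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$')
# Wording of the netbt 4321 description once the wrapped lines are rejoined.
NAME_CONFLICT = re.compile(
    r'The name "(?P<name>[^"]+?)\s*:(?P<suffix>[0-9A-Fa-f]+)" could not be registered '
    r'on the interface with IP address (?P<local>[\d.]+)\. The computer with the '
    r'IP address (?P<holder>[\d.]+) did not allow')


def parse_events(text):
    """Return one dict per event: log, level, when, host, source, id, description."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION.match(line)
        if m:
            section, current = m.group('name'), None
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), id=int(m.group('id')),
                           log=section, description='')
            events.append(current)
            continue
        if current is None:
            continue
        if not line or line.startswith('< End of report'):
            current = None          # a blank line or the end marker closes the entry
            continue
        if line.startswith('Description ='):
            line = line[len('Description ='):]
        # Descriptions are hard-wrapped in the report; join them back into one line.
        current['description'] = (current['description'] + ' ' + line.strip()).strip()
    return events


def summarize(events):
    """Count repeats per (log, source, event ID), most frequent first."""
    return Counter((e['log'], e['source'], e['id']) for e in events).most_common()


def netbios_conflicts(events):
    """Map (local_ip, holder_ip) -> set of (name, suffix) refused in netbt 4321 events."""
    found = defaultdict(set)
    for e in events:
        if e['source'].lower() == 'netbt' and e['id'] == 4321:
            m = NAME_CONFLICT.search(e['description'])
            if m:
                found[(m['local'], m['holder'])].add((m['name'], m['suffix']))
    return dict(found)


if __name__ == '__main__':
    parsed = parse_events(SAMPLE)
    for key, count in summarize(parsed):
        print(count, *key)
    for (local, holder), names in netbios_conflicts(parsed).items():
        print(f'{holder} already holds {sorted(names)} (refused to {local})')
```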

#6
RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
Avast just wants you to register again. I think if you right click on the Avast ball and click on Registration info there will be a link to register it.
I always go in and turn off the Avast sound - at least for updates and scans finished. Click on the Avast ball and select Settings then Sounds then uncheck any you don't want. Avast may update its definitions several times a day. This is a good thing unless you leave the sound on and are trying to sleep when it updates and loudly reports, "Avast Database has been updated." The little popup will fade away on its own in a minute or two.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20

While you are uninstalling stuff get rid of "iWinArcade" = iWin Games (remove only). Also if you will have a different printer I would uninstall your mom's HP Photosmart stuff:

"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

And these too:
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 (obsolete)
"ViewpointMediaPlayer" = Viewpoint Media Player (ad-ware. Best Media player is VLC http://www.videolan....ad-windows.html)
"WildTangent hp Master Uninstall" = My HP Games
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX If you need this download fresh copies from adobe.com
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin If you need this download fresh copies from adobe.com
"AIM_6" = AIM 6 - AOL Instant Messenger


Upgrade Firefox to 4.x
http://www.mozilla.c...=win&lang=en-US

Since you want to start from scratch, I would download the update installer then uninstall Firefox and then delete the folders:
C:\Users\anette\AppData\Roaming\mozilla
C:\Program Files\Mozilla Firefox

reboot then install the upgrade. Get the Ad-block Plus add-on. Also download Speedyfox:
http://www.crystalidea.com/speedyfox. Move speedyfox to your desktop. Close Firefox and run Speedyfox. Hit Speedup up my firefox. Exit. Restart Firefox. Should take less than 5 seconds for it to come up unless you have a really slow home page.

Get the latest Java at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Run Speedyfox as before. Do this anytime Firefox gets updated or you add an add-on or it just seems slow to start.

Foxit is a good replacement for Adobe Reader. The one you have is probably a bit dated so should be updated.
http://www.foxitsoft...com/pdf/reader/
They want to install a toolbar. They say it is a Foxit toolbar but in reality it is nothing but the foistware Ask toolbar so don't let them.


I do use Adobe reader with IE since they have finally quit foisting getPlus and the Yahoo toolbar on you but I don't let them be my default pdf reader.

Your Combofix log shows:
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]

but this is apparently a normal indication with Avast on Vista. Just means that Avast is not letting Combofix look at the files.

MBAM, TDSSKiller and aswMBR are all clean.

The following is a sort of tuneup procedure:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on Computer and select Manage then Event Viewer to bring up the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear, Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Programs, Accessories, right click on Command Prompt and Run As Administrator (Continue). Type with an Enter after each line:

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD/DVD and you don't have one or it doesn't like yours just tell it to SKIP or Continue until it finishes.)

sigverif

(Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.))

exit

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#7
DonnaB

    Miss Congeniality

  • Topic Starter
  • GeekU Moderator
  • 8,529 posts
Morning Ron, (may I call you Ron?)

Is it too late to create another Admin acct. for myself and delete hers before I re-install Firefox or will the programs that we installed for the purposes above not work because of Admin. permissions? Or is there a way to just change the name on the present Admin. acct.? If not, no big deal! I can live with it.

Thanks for your help,

Donna :)
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
Of course you can call me Ron.

You can create a new admin account anytime. Most programs will be installed for All Users so the new account should have access to most of the installed programs and the programs are usually smart enough to tell the difference between users. I'd leave the old account for now just in case there is something that the old account has that you don't. Also a second admin account is a good idea in case your own gets attacked.

Changing the name is possible but it's not a complete name change. The user will see the new name but the folder names stay the same so it makes life a bit confusing if you start looking below the surface. I don't recommend it.

Ron
  • 0

#9
DonnaB

    Miss Congeniality

  • Topic Starter
  • GeekU Moderator
  • 8,529 posts
:) Hi Ron,

You can create a new admin account anytime.

Ok, I'll just save that for later then.

(SPACE after sfc. This will check your critical system files. If it asks for a CD/DVD and you don't have one or it doesn't like yours just tell it to SKIP or Continue until it finishes.)


I do have a Retail Vista Home Premium upgrade disk and a Vista recovery disk that I had burned from neosmart. Will one of those be sufficient?

I also have a retail version of Win7.

Donna
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
This PC is Vista Home Basic so that is probably what it wants to see but if it does ask I would try the Retail Vista Home Premium upgrade disk. It probably won't like it tho. However, sfc in Vista is much better than in XP so usually it doesn't need to ask for a disk. Up until recently tho it would run all the way through on my PC then say there were some files it couldn't fix. When I looked at the log it was upset because some desktop.ini files had changed. Seems like they fixed that recently tho.

http://support.microsoft.com/kb/928228 tells how to look at the log.

Ron
  • 0



#11
DonnaB

DonnaB

    Miss Congeniality

  • Topic Starter
  • GeekU Moderator
  • 8,529 posts
Morning Ron! :yes:

Had hoped to have this posted last night but connection was shaky due to inclement weather passing through. :)

Avast just wants you to register again.

Well, duh! Wasn't thinking. Avast is now registered! I'll work around the sounds later though I do like the nice lady's voice...not so monotone and lifeless. She may be a keeper.

I cleared the Java Cache ... again! For some reason it must not have cleared out the first time when I followed your instructions.

Older Java's un-installed along with the programs you suggested.

There's a few other things I saw that may be useless to me. I'll create a list and ask you about them later if you don't mind.

C:\Users\anette\AppData\Roaming\mozilla

No mozilla folder but I did find a Symantec folder that I deleted.

Folders deleted in C:\Programs
HP Games
Mozilla Firefox
iWin.com Games

Upgrade Firefox to 4.0.1 - check!
Get the Ad-block Plus add-on. - check!
Also download Speedyfox: and check! wow! noticeable difference!

Get the latest Java - check! Update 24 installed. I'll look into Update 25.

FoxIt Reader updated to file version 4.3 - check! Even after unchecking the toolbar The Foxit Reader PDF Creator toolbar was installed! I took care of it! The beast! I hate toolbars!

System file checker found some corruption but could not fix and did not ask for disk. Access denied when I followed path C:\Windows\Logs\CBS\CBS.log and no results from command findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

Scan results below:

Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>sigverif

C:\Windows\system32>


Event Viewer logs below.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/05/2011 7:50:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2011 12:11:24 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 05/05/2011 12:12:24 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 05/05/2011 3:02:57 PM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6CD6FAE2-4A87-47C7-9F72-64F67C1420E8}. The backup browser is stopping.

Log: 'System' Date/Time: 05/05/2011 6:18:36 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.105 for the Network Card with network address 00234D192C06 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 05/05/2011 9:54:20 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.105 for the Network Card with network address 00234D192C06 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 05/05/2011 9:57:45 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.105 for the Network Card with network address 00234D192C06 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 05/05/2011 9:59:32 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 05/05/2011 10:01:00 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 05/05/2011 10:12:47 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.105 for the Network Card with network address 00234D192C06 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2011 11:00:44 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 05/05/2011 11:00:44 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/05/2011 3:01:56 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\JOE-PC on the network \Device\NetBT_Tcpip_{6CD6FAE2-4A87-47C7-9F72-64F67C1420E8}. Browser master: \\JOE-PC Network: \Device\NetBT_Tcpip_{6CD6FAE2-4A87-47C7-9F72-64F67C1420E8} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 05/05/2011 6:18:36 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 05/05/2011 9:54:20 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 05/05/2011 9:57:45 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 05/05/2011 9:58:34 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 05/05/2011 9:58:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/05/2011 10:12:47 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/05/2011 12:12:23 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 05/05/2011 10:00:59 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/05/2011 2:49:17 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1104717877-2043025573-451896119-1000:
Process 1260 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1104717877-2043025573-451896119-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1260 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1104717877-2043025573-451896119-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Let me know if I missed anything! Think I may not have checked the spot for Warnings type on the Applications log the first time. Sorry! Was sure that I did.

Have a nice day!

Donna :unsure:

Edited by DonnaB, 06 May 2011 - 05:49 AM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt just creates a file called sfcdetails.txt in whatever directory you are in. (Sometimes with Vista you need to right click on Command Prompt and Run As Administrator or the command doesn't have high enough permission to create the file.)

then you just do

notepad sfcdetails.txt

I'll look at the rest of your post later. Got to walk the dog.

Ron
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
This event:

Log: 'Application' Date/Time: 05/05/2011 12:12:23 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

has a KB:
http://support.microsoft.com/kb/950375

but you might be able to fix it by just installing Service Pack 2 for Vista which I just realized you don't have. Are Automatic Updates turned off? Start, (Settings,) Control Panel, Windows Updates and it should tell you if they are off and offer to turn them on. It will also offer you any important updates you need. I would expect SP2 to be on the list.

Ron
  • 0

#14
DonnaB

DonnaB

    Miss Congeniality

  • Topic Starter
  • GeekU Moderator
  • 8,529 posts

(Sometimes with Vista you need to right click on Command Prompt and Run As Administrator or the command doesn't have high enough permission to create the file.)


After I scheduled a disk check upon reboot and cleared out the System/Applications logs I then Right clicked on the Command Prompt to bring up the Administrator: Command Prompt then ran the system file checker (sfc) scan. Once it was finished I followed the Windows Directory path to the CBS folder to access CBS.log but was confronted with the Access is Denied. I thought maybe trying the findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt command via Administrator: Command Prompt would allow me access but it didn't.

Right clicked Command Prompt, clicked on Run as Administrator and typed in notepad sfcdetails.txt The corrupt files were associated with "settings.ini" of Microsoft-Windows-Sidebar.

pertaining to the error you pointed out in post #13:
you might be able to fix it by just installing Service Pack 2 for Vista which I just realized you don't have. Are Automatic Updates turned off?

Oh yeah! They're turned on alright but she had them set to install at 3am and she never left her (my) laptop on overnight for it to install. I went to MS Updates before posting just to see how many were needed and I found 53 other updates but SP2 did not show up in the list. I just checked the Windows Update on the laptop and SP2 is the lone update just waiting to be installed. I went ahead and chose install and the download bar has just been sitting there as if in limbo but I will let it sit to see if it will update and fix the problem before I go the KB 950375 route.

Got to walk the dog.


Good choice! Log can wait...dog can't... or you'll have puddles to clean up! :unsure:

I'll let you know when SP2 has completed, if it does. It's been 20 mins now and the download bar is still blank. Could be my Internet connection (satellite). It's been shaky here lately. And there's no way I'm switching over to my Dial-up that I keep just in case I need it. That would take forever!

Thanks Ron,

Donna :)

Edited by DonnaB, 06 May 2011 - 06:02 PM.

  • 0
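The `[SR]` filter from posts #12 and #14, as an added example that is not part of the thread: it makes the same selection as the findstr command and then reduces it to the files sfc still lists as unrepaired. The log text is a constructed, abbreviated sample whose layout and message wording are assumed to match CBS.log; `sr_lines` and `summarize` are hypothetical names.

```python
import re

# Constructed, abbreviated sample in CBS.log's layout. It is not the log from
# the laptop in this thread; only the settings.ini/Sidebar names echo post #14.
SAMPLE_CBS_LOG = r'''
2011-05-05 19:30:01, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2011-05-05 19:30:04, Info                  CBS    Session: 1 initialized by client (constructed line without the tag)
2011-05-05 19:30:09, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), file is missing
2011-05-05 19:30:12, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Constructed-Component, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), hash mismatch
2011-05-05 19:30:15, Info                  CSI    0000000d [SR] Verify complete
2011-05-05 19:31:40, Info                  CSI    00000151 [SR] Repairing 2 components
2011-05-05 19:31:41, Info                  CSI    00000154 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), file is missing
2011-05-05 19:31:42, Info                  CSI    00000156 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2011-05-05 19:31:43, Info                  CSI    00000158 [SR] Repair complete
'''

CANNOT = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<comp>[^,]+),')
REPAIRED = re.compile(
    r'\[SR\] Repairing corrupted file .*\]"(?P<file>[^"]+)" from store')

def sr_lines(text):
    """Same selection as findstr /c:"[SR]": lines containing the literal tag."""
    return [ln for ln in text.splitlines() if "[SR]" in ln]

def summarize(text):
    """Return (outstanding, repaired); outstanding maps (component, file) -> reason."""
    flagged, repaired = {}, []
    for ln in sr_lines(text):
        m = CANNOT.search(ln)
        if m:
            # The sample repeats one entry, as when a failure is logged in both
            # passes; keying on (component, file) reports it once.
            flagged[(m["comp"], m["file"])] = ln.rsplit(",", 1)[-1].strip()
            continue
        m = REPAIRED.search(ln)
        if m:
            repaired.append(m["file"])
    # Matching on file name alone is approximate: a file later restored from
    # the store is treated as no longer outstanding.
    outstanding = {k: v for k, v in flagged.items() if k[1] not in repaired}
    return outstanding, repaired

if __name__ == "__main__":
    for (comp, name), reason in summarize(SAMPLE_CBS_LOG)[0].items():
        print(f"{name} ({comp}): {reason}")
```

To use it on a real system, pass the text of sfcdetails.txt, or of a copy of CBS.log, to `summarize` in place of the sample.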

#15
DonnaB

DonnaB

    Miss Congeniality

  • Topic Starter
  • GeekU Moderator
  • 8,529 posts
Hi Ron,

Update!

I went ahead and downloaded the standalone version of SP2 to the desktop and installed from there. I then cleared out the Event Viewer logs and ran the Event Viewer Tool twice for Applications. The first time it came up clean as a whistle. The second time I received the same error as above.

I'll go ahead and follow the directions for the KB950375 as you posted above.

There were no entries for Warning Type.

I'm not hurting anything by running that tool again am I?

I also have 1 important update to install yet--> KB915597 which is a definition update for Windows Defender and 3 optionals.

I'll post back when finished. Getting late here, may have to finish after work tomorrow.

Thank you!

Donna :)

Edited by DonnaB, 06 May 2011 - 08:18 PM.

  • 0





