jdpatel Posted March 9, 2009

I recently started getting pop-ups for random websites whenever I open Internet Explorer (needed it for a site that wouldn't work in FF). But after that they also open up when I'm not using IE or using FF. I'm not sure what the problem is. I've done a scan with my anti-virus (Avast) which found nothing and also done a full scan with MBAM which found nothing. Hopefully I can get rid of whatever there is in my machine.

For reference here are the logs from HijackThis and MBAM:
Andro1d Posted March 16, 2009

Hello and Welcome to the forums. I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

Step 1
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [option remote] "C:\ProgramData\rectflawflaw.52yyh"
O4 - Startup: check-ip-changed.bat

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step 2
Download the HostsXpert 4.2 - Hosts File Manager.
Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Step 3
Download OTViewIt to your desktop.
Close all windows and open it
Click Run Scan and let the program run uninterrupted
It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
You may need to use multiple posts to fit it all into this topic.
jdpatel Posted March 19, 2009

Sorry for the late reply. I'm currently away from the computer that has the problem, as soon as I can access it I will do what you listed and post back the results. Thanks for your help.
Andro1d Posted March 20, 2009

Ok, sounds good.
jdpatel Posted March 22, 2009

Here is the OTViewIt.txt log:
Technology, Corp.) -- C:\Windows\System32\drivers\netr73.sys -- (netr73 [On_Demand | Running])[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])[2005/08/02 16:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\Windows\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])[2008/01/19 00:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [system | Running])[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])[2007/05/03 13:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])[2008/05/22 14:49:00 | 07,465,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])[2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])[2007/10/26 12:51:22 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32 [boot | Running])[2006/11/02 04:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])[2008/08/06 23:27:29 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])[2005/12/12 12:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])[2008/04/04 20:21:42 | 00,072,192 | ---- | 
M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [system | Running])[2007/02/02 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])[2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])[2008/01/19 00:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])[2008/01/19 00:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])[2008/01/19 01:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [system | Running])[2008/01/19 00:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])[2008/01/19 00:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])[2007/08/11 09:49:19 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])[2007/08/11 09:49:19 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])[2007/08/11 09:49:19 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])[2006/11/02 04:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])[2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])[2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])[2008/01/19 00:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [system | Running])[2008/01/19 02:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [boot | Running])[2008/01/19 00:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])[2008/01/19 00:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI 
Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])[2008/01/19 00:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])[2008/01/19 00:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [system | Running])[2008/01/19 01:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])[2008/01/19 00:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])[2008/01/19 00:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])[2006/11/02 04:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])[2006/11/02 04:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])[2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])[2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) 
-- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])[2008/01/19 00:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])[2008/01/19 00:56:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])[2006/11/02 03:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])[2006/11/02 03:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])[2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])[2008/01/19 02:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [boot | Running])[2008/01/19 02:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [boot | Running])[2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])[2006/11/02 04:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])[2008/01/19 02:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [boot | Running])[2008/05/08 13:04:16 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) 
-- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])[2008/01/19 00:53:22 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB [On_Demand | Stopped])[2006/11/02 03:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])[2008/01/19 00:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])[2007/10/18 07:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])========== (R ) Internet Explorer ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896"Default_Secondary_Page_URL"="Extensions Off Page"=about:NoAdd-ons"Local Page"=%SystemRoot%\system32\blank.htm"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896"Security Risk Page"=about:SecurityRisk"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]"Local Page"=C:\Windows\system32\blank.htm"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896"Start Page"=http://www.vadtal.com/"StartPageCache"=[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyEnable" = 0========== (O1) Hosts File ==========HOSTS File = (698 bytes) - C:\Windows\System32\drivers\etc\HostsFirst 25 entries...127.0.0.1 localhost========== (O2) BHO's ==========[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\]{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated){761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.){9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation){B164E929-A1B6-4A06-B104-2CD0E90A88FF} (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()========== (O3) Toolbars ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()========== (O4) Run Keys ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]""= File not found"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)"hpsysdrv"=c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. 
All rights reserved.)"KBD"=C:\HP\KBD\KbdStub.EXE ()"LXCCCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 ()"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" (OsdMaestro)"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" (Sun Microsystems, Inc.)"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe (Microsoft Corporation)"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (Hewlett-Packard)"option remote"="C:\ProgramData\rectflawflaw.jc77oe9" File not found========== (O4) RunOnce Keys ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)========== (O6 & O7) Current Version Policies ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]"ConsentPromptBehaviorAdmin"=2"ConsentPromptBehaviorUser"=1"EnableInstallerDetection"=1"EnableLUA"=1"EnableSecureUIAPaths"=1"EnableVirtualization"=1"PromptOnSecureDesktop"=0"ValidateAdminCodeSignatures"=0"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="scforceoption"=0"shutdownwithoutlogon"=1"undockwithoutlogon"=1"FilterAdministratorToken"=0"EnableUIADesktopToggle"=0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]"CF_TEXT"=1"CF_BITMAP"=2"CF_OEMTEXT"=7"CF_DIB"=8"CF_PALETTE"=9"CF_UNICODETEXT"=13"CF_DIBV5"=17========== (O8) IE 
Context Menu Extensions ==========[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]Add to Windows &Live Favorites: File not found========== (O9) IE Extensions ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [2007/04/07 04:56:44 | 00,501,400 | ---- | M] (Sun Microsystems, Inc.){2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation){2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)========== (O12) Internet Explorer Plugins ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%sPluginsPageFriendlyName: "" = Microsoft ActiveX Gallery========== (O13) Default Prefixes ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]""=http://========== (O15) Trusted Sites ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]Range1: ":Range"=127.0.0.1 -- http in Local intranet | ========== (O16) DPF ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]{0E5F0222-96B9-11D3-8997-00104BD12D94}: http://support.gateway.com/support/profiler/PCPitStop.CAB -- PCPitstop Utility{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 
1.6.0_01{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}: http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab -- DownloadManager Control========== (O17) DNS Name Servers =========={4AB21358-B990-4BAF-B750-A96083DD64AA} (Servers: | Description: USB Wireless 802.11 b/g Adaptor){726C8E1F-862D-4214-8817-119FF99FCF41} (Servers: | Description: NVIDIA nForce Networking Controller){D4EB04D1-8B67-4627-BBDB-EEF9E8D32502} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)========== HKLM *SecurityProviders* ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]"SecurityProviders"=credssp.dll>[2008/01/19 02:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll========== LSA *Security Packages* ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,>[2008/01/19 02:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll========== Safeboot Options =========="AlternateShell"=cmd.exe========== CDRom AutoRun Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]"AutoRun" = 1========== Autorun Files on Drives ==========autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ][2007/08/11 09:36:29 | 00,000,074 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]========== MountPoints2 ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c25da5f-9c73-11dc-8dd6-001d6092aef0}\Shell]""=AutoRun[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c25da5f-9c73-11dc-8dd6-001d6092aef0}\Shell\AutoRun\command]""=K:\LaunchU3.exe -- File not 
found[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c25db58-9c73-11dc-8dd6-001d6092aef0}\Shell]""=AutoRun[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c25db58-9c73-11dc-8dd6-001d6092aef0}\Shell\AutoRun\command]""=K:\LaunchU3.exe -- File not found========== Files/Folders - Created Within 30 Days ==========[7 C:\ProgramData\*.tmp files][2009/03/20 16:55:59 | 00,024,592 | ---- | C] () -- C:\ProgramData\rectflawflaw.jc77oe9[2009/03/20 16:54:43 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HostsXpert[2009/03/20 16:28:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee[2009/03/20 16:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee[2009/03/11 12:30:38 | 00,000,153 | ---- | C] () -- C:\Users\Owner\Desktop\e-File Minnesota.URL[2009/03/11 00:08:50 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll[2009/03/11 00:08:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll[2009/03/11 00:08:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx[2009/03/11 00:08:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll[2009/03/11 00:08:46 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL[2009/03/11 00:08:40 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll[2009/03/11 00:08:36 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys[2009/03/09 14:17:55 | 00,001,876 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk[2009/03/09 14:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009/03/09 13:51:50 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes[2009/03/09 13:51:45 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2009/03/09 13:51:45 | 00,000,820 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk[2009/03/09 13:51:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2009/03/09 13:51:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2009/03/09 13:51:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009/03/09 12:11:22 | 00,009,728 | ---- | C] () -- C:\Users\Owner\Desktop\Breakfast Sign.wps[2009/03/05 17:01:17 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft========== Files - Modified Within 30 Days ==========[7 C:\ProgramData\*.tmp files][2009/03/22 13:10:00 | 00,000,260 | ---- | M] () -- C:\Windows\tasks\ipresub.job[2009/03/22 12:10:39 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2009/03/22 12:10:39 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2009/03/20 16:55:59 | 00,024,592 | ---- | M] () -- C:\ProgramData\rectflawflaw.jc77oe9[2009/03/15 13:48:17 | 00,000,514 | ---- | M] () -- C:\Users\Owner\Documents\My Sharing Folders.lnk[2009/03/11 16:13:56 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI[2009/03/11 16:13:56 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2009/03/11 16:13:56 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2009/03/11 16:09:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT[2009/03/11 16:09:23 | 00,339,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2009/03/11 16:09:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2009/03/11 16:08:40 | 93,800,8576 | -HS- | M] () -- C:\hiberfil.sys[2009/03/11 16:07:07 | 03,556,647 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db[2009/03/11 12:31:59 | 00,000,135 | ---- | M] () -- C:\Users\Owner\Desktop\ll Shree Swaminarayan Temple Sansthan Vadtal ll.URL[2009/03/11 12:31:53 | 00,000,153 | ---- | M] () 
-- C:\Users\Owner\Desktop\e-File Minnesota.URL
[2009/03/09 16:23:53 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/03/09 14:17:55 | 00,001,876 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2009/03/09 13:51:45 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/09 12:30:27 | 00,001,672 | ---- | M] () -- C:\Users\Owner\Desktop\CCleaner.lnk
[2009/03/09 12:16:29 | 00,003,780 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/03/09 12:11:22 | 00,009,728 | ---- | M] () -- C:\Users\Owner\Desktop\Breakfast Sign.wps
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >
jdpatel Posted March 22, 2009
Here is the Extras.Txt log:
OTViewIt Extras logfile created on: 3/22/2009 1:15:25 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
893.82 Mb Total Physical Memory | 455.56 Mb Available Physical Memory | 50.97% Memory free
2.00 Gb Paging File | 0.83 Gb Available in Paging File | 41.33% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 229.18 Gb Free Space | 79.24% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 1.21 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive E: | 702.62 Mb Total Space | 673.09 Mb Free Space | 95.80% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
< End of report >
Andro1d Posted March 29, 2009

Hey,

Very sorry for the delay! I never got an email saying you responded.

Step 1

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2

Please download JavaRa to your Desktop and unzip it to its own folder.
Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 3

Please go HERE to run Panda ActiveScan 2.0
Click the big green Scan now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
Once the scan is completed, please hit the notepad icon next to the text Export to:
Save it to a convenient location such as your Desktop
Post the contents of the ActiveScan.txt in your next reply