Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

log

Post by leo-the-lion » April 11th, 2011, 9:16 pm

Could someone please check my log, as my antivirus wouldn't let me on the internet tonight? Here is the log:

DDS (Ver_11-03-05.01) - NTFSx86
Run by pat at 2:04:12.24 on 12/04/2011
Internet Explorer: 9.0.8112.16421
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1013.113 [GMT 1:00]
.
AV: Virgin Media Security Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
SP: Virgin Media Security Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Virgin Media Security Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Virgin Media\Security\Fws.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Program Files\Virgin Media\Security\rps.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Virgin Media\HUB\VirginMediaHUBComHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\pat\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.bt.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {04666517-D7B9-43C9-B329-CD7A30FF0079} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_SE1F5.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [IndexCleaner] "c:\program files\virgin media\security\IdxClnR.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VirginMediaHUB.exe] "c:\program files\virgin media\hub\VirginMediaHUB.exe" /AUTORUN
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.sultangardens.com/ipixx.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ve ... taller.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-4-11 25608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Radialpoint Security Services;Virgin Media Security;c:\program files\virgin media\security\RpsSecurityAwareR.exe [2010-1-4 165408]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\virgin media\security\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-11 5832712]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\hub\ServicepointService.exe [2011-4-11 668912]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-4-11 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-4-11 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-4-11 27800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-21 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-11 22:53:04 -------- d-----w- c:\windows\Internet Logs
2011-04-11 22:46:26 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-04-11 22:45:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-04-11 22:44:45 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-04-11 22:44:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-04-11 22:43:57 -------- d-----w- c:\program files\Raxco
2011-04-11 22:30:49 -------- d-----w- c:\program files\Virgin Media
2011-04-11 19:26:24 -------- d-----w- c:\users\pat\appdata\local\{618AB192-1264-4487-AE0F-4F084ACF43EE}
2011-04-10 16:29:21 -------- d-----w- c:\users\pat\appdata\local\{C89B3ED5-76B2-4074-84A2-A8B294B9BE1F}
2011-04-09 16:10:17 -------- d-----w- c:\users\pat\appdata\local\{4C2BB18E-223E-41A5-9A1B-6CBEA7C191EC}
2011-04-08 16:13:00 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3e6fcd9f-927e-4aec-8547-49da865c4b46}\mpengine.dll
2011-04-08 16:06:27 -------- d-----w- c:\users\pat\appdata\local\{2724F9B3-D0C3-4AB6-9247-CFA864AADEDC}
2011-04-07 16:14:25 -------- d-----w- c:\users\pat\appdata\local\{87D93652-1549-410B-A552-1420A8912036}
2011-04-06 16:25:17 -------- d-----w- c:\users\pat\appdata\local\{0F5A4046-A16F-429C-92C6-773FC6B1544B}
2011-04-05 17:18:04 -------- d-----w- c:\users\pat\appdata\local\{1DCFCA5A-A738-42AF-AA92-D0A5D52D4EEA}
2011-04-04 18:39:48 -------- d-----w- c:\users\pat\appdata\local\{398098A4-9708-400D-9466-42504F24BCC5}
2011-04-03 19:11:02 -------- d-----w- c:\users\pat\appdata\local\{B5C66132-74C0-4FE8-AE40-7697CC9808D1}
2011-04-02 15:47:32 -------- d-----w- c:\users\pat\appdata\local\{4E52C457-9E08-4056-B385-8F76E87366DA}
2011-04-02 15:41:57 -------- d-----w- c:\windows\en
2011-04-02 15:31:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-02 15:26:25 -------- d-----w- c:\windows\PCHEALTH
2011-04-02 15:19:42 15712 ----a-w- c:\program files\common files\windows live\.cache\63d843ea1cbf14914\MeshBetaRemover.exe
2011-04-02 14:18:45 -------- d-----w- c:\users\pat\appdata\local\{C48B75C7-0EDC-4905-8733-F2E523DE94AF}
2011-04-01 19:11:40 -------- d-----w- c:\users\pat\appdata\local\{6ECBD591-1914-43D4-9397-36CE1454D168}
2011-03-31 17:04:30 -------- d-----w- c:\users\pat\appdata\local\{E27EFFA1-61E9-44FF-9BB5-9FE25A704A10}
2011-03-22 19:05:32 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 19:05:31 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 19:05:26 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 2:05:05.90 ===============

Re: log

Post by Cypher » April 14th, 2011, 12:48 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - Windows 7



Vista Advice:
  • All applications I ask to be used will need to be run in Administrator mode, i.e. right click on the file and select Run as Administrator.
  • Your Operating System in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.


RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files... will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both "log.txt" and "info.txt" file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Re: log

Post by leo-the-lion » April 14th, 2011, 3:10 pm

Hi, this is the log you asked for, but I only get one log.

Run by pat at 2011-04-14 20:08:02
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 198 GB (89%) free of 223 GB
Total RAM: 1013 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:08:08, on 14/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\pat\Desktop\RSIT.exe
C:\Program Files\trend micro\pat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - {04666517-d7b9-43c9-b329-cd7a30ff0079} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SE1F5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.sultangardens.com/ipixx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - http://downloads.virginmedia.com/CST/ve ... taller.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7791 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Regwork.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-10-25 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-14 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-09 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-02 1783136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2010-01-27 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-14 19:56:52 ----D---- C:\Program Files\trend micro
2011-04-14 19:56:43 ----D---- C:\rsit
2011-04-14 00:46:02 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-04-14 00:46:02 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-04-14 00:46:01 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-04-14 00:45:17 ----A---- C:\Windows\system32\aswBoot.exe
2011-04-14 00:45:02 ----D---- C:\ProgramData\AVAST Software
2011-04-14 00:45:02 ----D---- C:\Program Files\AVAST Software
2011-04-13 21:31:07 ----D---- C:\Users\pat\AppData\Roaming\Malwarebytes
2011-04-13 21:30:43 ----D---- C:\ProgramData\Malwarebytes
2011-04-13 21:30:43 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-04-13 21:30:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-13 21:30:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-04-12 22:34:22 ----D---- C:\Program Files\Conduit
2011-04-12 22:33:56 ----A---- C:\Windows\system32\vsregexp.dll
2011-04-12 22:33:24 ----A---- C:\Windows\system32\zlcommdb.dll
2011-04-12 22:33:24 ----A---- C:\Windows\system32\zlcomm.dll
2011-04-12 22:33:17 ----A---- C:\Windows\system32\vswmi.dll
2011-04-12 22:33:09 ----A---- C:\Windows\system32\zpeng25.dll
2011-04-12 22:33:08 ----A---- C:\Windows\system32\vsxml.dll
2011-04-12 22:32:59 ----A---- C:\Windows\system32\vspubapi.dll
2011-04-12 22:32:58 ----A---- C:\Windows\system32\vsmonapi.dll
2011-04-12 22:32:46 ----A---- C:\Windows\system32\vsdata.dll
2011-04-12 22:32:34 ----D---- C:\Windows\system32\ZoneLabs
2011-04-12 22:32:34 ----A---- C:\Windows\system32\drivers\vsdatant.sys
2011-04-12 22:32:33 ----D---- C:\Program Files\Zone Labs
2011-04-12 22:31:42 ----A---- C:\Windows\system32\vsutil.dll
2011-04-12 22:31:42 ----A---- C:\Windows\system32\vsinit.dll
2011-04-12 22:08:29 ----D---- C:\Users\pat\AppData\Roaming\AVG10
2011-04-12 22:06:10 ----HD---- C:\ProgramData\Common Files
2011-04-12 22:02:45 ----D---- C:\ProgramData\AVG10
2011-04-12 22:01:14 ----D---- C:\Program Files\AVG
2011-04-12 21:56:16 ----D---- C:\ProgramData\MFAData
2011-04-12 21:11:21 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-12 21:11:20 ----A---- C:\Windows\system32\mfc42.dll
2011-04-12 21:11:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-12 21:11:13 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-12 21:11:12 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-12 21:11:03 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-12 20:37:37 ----A---- C:\Windows\system32\win32k.sys
2011-04-12 20:37:32 ----A---- C:\Windows\system32\atmfd.dll
2011-04-12 20:37:31 ----A---- C:\Windows\system32\atmlib.dll
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-11 23:53:04 ----D---- C:\Windows\Internet Logs
2011-04-05 18:32:27 ----A---- C:\Windows\system32\msls31.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\wininet.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\iertutil.dll
2011-04-05 18:32:25 ----A---- C:\Windows\system32\urlmon.dll
2011-04-05 18:32:25 ----A---- C:\Windows\system32\msrating.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-05 18:32:24 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-05 18:32:24 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\ieui.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\ieframe.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\url.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iesetup.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iernonce.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-05 18:32:22 ----A---- C:\Windows\system32\icardie.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\webcheck.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\inseng.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\wextract.exe
2011-04-05 18:32:20 ----A---- C:\Windows\system32\vbscript.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\iexpress.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\occache.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\mshtml.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\mshta.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieakui.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\admparse.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\jscript9.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\jscript.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\imgutil.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\iepeers.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\advpack.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-05 18:32:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-02 16:41:57 ----D---- C:\Windows\en
2011-04-02 16:31:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-04-02 16:26:25 ----D---- C:\Windows\PCHEALTH
2011-03-22 20:05:32 ----A---- C:\Windows\system32\DWrite.dll
2011-03-22 20:05:31 ----A---- C:\Windows\system32\FntCache.dll
2011-03-22 20:05:26 ----A---- C:\Windows\system32\XpsGdiConverter.dll

======List of files/folders modified in the last 1 months======

2011-04-14 20:08:07 ----D---- C:\Windows\Temp
2011-04-14 19:56:52 ----D---- C:\Program Files
2011-04-14 00:46:02 ----D---- C:\Windows\system32\drivers
2011-04-14 00:45:52 ----SHD---- C:\Windows\Installer
2011-04-14 00:45:18 ----D---- C:\WINDOWS
2011-04-14 00:45:17 ----D---- C:\Windows\System32
2011-04-14 00:45:02 ----HD---- C:\ProgramData
2011-04-14 00:44:59 ----SHD---- C:\System Volume Information
2011-04-13 22:40:57 ----D---- C:\Windows\Microsoft.NET
2011-04-13 22:40:52 ----RSD---- C:\Windows\assembly
2011-04-13 20:51:57 ----D---- C:\Windows\Prefetch
2011-04-13 20:34:44 ----D---- C:\Windows\system32\Tasks
2011-04-13 01:09:27 ----D---- C:\Windows\Minidump
2011-04-13 01:09:27 ----D---- C:\Windows\Debug
2011-04-13 00:55:42 ----D---- C:\Program Files\CCleaner
2011-04-13 00:53:19 ----AD---- C:\ProgramData\TEMP
2011-04-13 00:53:17 ----D---- C:\Program Files\SpywareBlaster
2011-04-12 22:32:40 ----D---- C:\Windows\system32\catroot
2011-04-12 22:32:39 ----D---- C:\Windows\inf
2011-04-12 22:08:19 ----D---- C:\Windows\winsxs
2011-04-12 21:49:26 ----D---- C:\ProgramData\Virgin Media
2011-04-12 21:49:24 ----D---- C:\Users\pat\AppData\Roaming\Virgin Media
2011-04-12 21:17:37 ----D---- C:\Program Files\Windows Mail
2011-04-12 20:44:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-12 20:42:46 ----D---- C:\Windows\system32\catroot2
2011-04-12 20:40:07 ----A---- C:\Windows\system32\mrt.exe
2011-04-12 20:39:19 ----D---- C:\Program Files\Common Files\microsoft shared
2011-04-05 21:35:26 ----D---- C:\ProgramData\NOS
2011-04-05 21:31:22 ----SD---- C:\Windows\Downloaded Program Files
2011-04-05 19:02:30 ----D---- C:\Windows\rescache
2011-04-05 18:35:04 ----RD---- C:\Windows\Offline Web Pages
2011-04-05 18:35:04 ----D---- C:\Windows\system32\wbem
2011-04-05 18:35:04 ----D---- C:\Windows\system32\migration
2011-04-05 18:35:04 ----D---- C:\Windows\system32\en-US
2011-04-05 18:35:04 ----D---- C:\Windows\PolicyDefinitions
2011-04-05 18:35:04 ----D---- C:\Program Files\Internet Explorer
2011-04-02 16:30:47 ----D---- C:\Program Files\Windows Live
2011-04-02 16:26:29 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 457304]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-10-29 162088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-26 201728]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-25 14904]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-10-29 43520]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 Profos;Profos; \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-20 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-06 144688]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\System32\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
leo-the-lion
Active Member
 
Posts: 13
Joined: April 11th, 2011, 8:57 pm

Re: log

Post by leo-the-lion » April 14th, 2011, 6:16 pm

found the other log


======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe -maintain activex
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Client Settings Tool-->MsiExec.exe /I{6B7CEA10-4694-4FC3-B761-9DBFD50B8F2A}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA Link-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hoyle Board Games-->C:\Windows\IsUninst.exe -fC:\SIERRA\HCBG2\Uninst.isu
Hoyle Card Games-->C:\Windows\IsUninst.exe -fC:\SIERRA\HCCG2\Uninst.isu
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HP User Guides 0093-->MsiExec.exe /I{D7358B07-4F10-4014-9869-7999578BE8ED}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_293794\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.2-->MsiExec.exe /I{09DF00E6-520C-49D5-B7E0-9612165CACA8}
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
RPS CRT-->MsiExec.exe /I{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{464B3406-A4D0-4914-910F-7CA4380DCC13}
Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
Windows Live Remote Service Resources-->MsiExec.exe /I{17504ED4-DB08-40A8-81C2-27D8C01581DA}
Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: pat-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 85332
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110413231250.553473-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: pat-PC
Event Code: 10010
Message: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Record Number: 85320
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20110413231148.000000-000
Event Type: Error
User:

Computer Name: pat-PC
Event Code: 7000
Message: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 85235
Source Name: Service Control Manager
Time Written: 20110413193235.000000-000
Event Type: Error
User:

Computer Name: pat-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 85193
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110413010008.317302-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: pat-PC
Event Code: 10010
Message: The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.
Record Number: 85181
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20110413005908.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: pat-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 22004
Source Name: MsiInstaller
Time Written: 20110413232330.000000-000
Event Type: Warning
User: pat-PC\pat

Computer Name: pat-PC
Event Code: 2
Message: Failed to start the Windows Mobile-2003-based device connectivity service due to Rapimgr(0x80004002) failure (see data for failure code).
Record Number: 22002
Source Name: WcesComm
Time Written: 20110413231800.000000-000
Event Type: Error
User:

Computer Name: pat-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 21997
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20110413231609.000000-000
Event Type: Warning
User:

Computer Name: pat-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 21995
Source Name: Microsoft-Windows-WMI
Time Written: 20110413231551.000000-000
Event Type: Error
User:

Computer Name: pat-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2836594380-1852496572-1831673138-1000:
Process 2216 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2836594380-1852496572-1831673138-1000\Software\Microsoft\SystemCertificates\Root

Record Number: 21975
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110413231157.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: pat-PC
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 22204
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110413193108.647025-000
Event Type: Audit Success
User:

Computer Name: pat-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2bd3e

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 22203
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110413010008.428302-000
Event Type: Audit Success
User:

Computer Name: pat-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 22202
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110413005945.419302-000
Event Type: Audit Success
User:

Computer Name: pat-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2836594380-1852496572-1831673138-1000
Account Name: pat
Account Domain: pat-PC
Logon ID: 0x1bc08

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 22201
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110413005912.482302-000
Event Type: Audit Success
User:

Computer Name: pat-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2836594380-1852496572-1831673138-1000
Account Name: pat
Domain Name: pat-PC
Logon ID: 0x1bbe3
Record Number: 22200
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110413005722.228302-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=HP
"PLATFORM"=MCD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"tvdumpflags"=8
"USERNAME"=SYSTEM
"USERPART"=E:
"windir"=%SystemRoot%

-----------------EOF-----------------
leo-the-lion
Active Member
 
Posts: 13
Joined: April 11th, 2011, 8:57 pm

Re: log

by Cypher » April 15th, 2011, 6:11 am

Hi.
Continue with the instructions below please.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following:
    Viewpoint Media Player

Next.

Back Up registry with ERUNT

  • Please download ERUNT and save it to your desktop.
  • Alternate Download
  • Right-click on erunt_setup.exe and select "Run as administrator" to run it.
  • Untick the NTREGOPT desktop shortcut option.
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then back up your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select "Run as administrator" to run it.
  • Right-click, then copy the following code. Do not include the word Code.
    Code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=-
    "Start Page"="http://www.msn.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{04666517-d7b9-43c9-b329-cd7a30ff0079}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{04666517-d7b9-43c9-b329-cd7a30ff0079}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    
    :Files
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\Regwork.job
    C:\Users\pat\AppData\Roaming\AVG10
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [ClearAllRestorePoints]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

I see you already have Malwarebytes Anti-Malware installed:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right-click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer, then click on Continue.
  • RSIT will start running. When done, ONLY "C:\RSIT\log.txt" will be reproduced (it will be maximized).
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Logs/Information to Post in your Next Reply

  • OTM log.
  • Malwarebytes log.
  • RSIT log.txt.
  • Please give me an update on how your computer is performing.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
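
The `:Reg` block in the post above is written in regedit style, where `"name"=-` removes a single value and `[-KEY]` removes a whole key. As an added example (not part of the original post and not OTM's own code), this Python sketch lists what each line of such a block would do, so a fix script can be reviewed before it is run, and checks whether each removed GUID entry also has its CLSID key removed. The function names are hypothetical, it assumes the block follows .reg file conventions, and the sample is a few lines taken from the script above with one CLSID line left out on purpose.

```python
import re
from collections import Counter

# Constructed sample: a subset of the fix script quoted in the post above.
# The [-HKEY_CLASSES_ROOT\CLSID\{04666517-...}] line is omitted on purpose
# so the pairing check below has something to report.
SAMPLE = r'''
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
"Start Page"="http://www.msn.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{04666517-d7b9-43c9-b329-cd7a30ff0079}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

:Files
C:\Windows\tasks\Regwork.job
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
GUID_RE = re.compile(
    r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def summarize_reg_block(script):
    """Return (action, key, value_name, data) tuples for the :Reg section.

    Actions are 'delete_key', 'delete_value', 'set_value' or 'unparsed'.
    Lines in other sections (:Files, :Commands) are ignored.
    """
    ops = []
    in_reg = False
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith(':'):            # section header such as :Reg
            in_reg = line.lower() == ':reg'
            current_key = None
            continue
        if not in_reg:
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):                  # leading '-' deletes the key
                ops.append(('delete_key', m.group(2), None, None))
                current_key = None
            else:
                current_key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name = m.group(1) if m.group(1) is not None else '(Default)'
            data = m.group(3).strip()
            if data == '-':                 # "name"=- deletes the value
                ops.append(('delete_value', current_key, name, None))
            else:
                ops.append(('set_value', current_key, name, data))
            continue
        # Anything else is surfaced rather than silently dropped.
        ops.append(('unparsed', current_key, None, line))
    return ops


def guid_cleanup_pairs(ops):
    """For each GUID-named value removed, report whether the matching
    CLSID key is deleted as well (True) or left behind (False)."""
    deleted_clsids = {
        g.lower()
        for action, key, _, _ in ops
        if action == 'delete_key' and '\\clsid\\' in key.lower()
        for g in GUID_RE.findall(key)
    }
    return {
        name.lower(): name.lower() in deleted_clsids
        for action, _, name, _ in ops
        if action == 'delete_value' and GUID_RE.fullmatch(name)
    }


if __name__ == '__main__':
    operations = summarize_reg_block(SAMPLE)
    print(Counter(op[0] for op in operations))
    for op in operations:
        print(op)
    for guid, paired in guid_cleanup_pairs(operations).items():
        print(guid, 'CLSID key also removed' if paired else 'CLSID key kept')
```
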

Re: log

by leo-the-lion » April 15th, 2011, 2:44 pm

Hi, I cannot back up my registry with ERUNT. It keeps telling me it's up to XP; I have Vista. Thanks, leo
leo-the-lion
Active Member
 
Posts: 13
Joined: April 11th, 2011, 8:57 pm

Re: log

by leo-the-lion » April 15th, 2011, 6:03 pm

My son got the registry backup. Here are the logs; I hope they are right.
www.malwarebytes.org

Database version: 6370

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15/04/2011 22:44:17
mbam-log-2011-04-15 (22-44-17).txt

Scan type: Quick scan
Objects scanned: 151284
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
This is the other log:

Run by pat at 2011-04-15 22:49:24
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 196 GB (88%) free of 223 GB
Total RAM: 1013 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:49:31, on 15/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Users\pat\Desktop\RSIT.exe
C:\Program Files\trend micro\pat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - {04666517-d7b9-43c9-b329-cd7a30ff0079} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SE1F5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.sultangardens.com/ipixx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - http://downloads.virginmedia.com/CST/ve ... taller.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7564 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-10-25 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-14 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-09 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-02 1783136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2010-01-27 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-15 22:10:51 ----D---- C:\_OTM
2011-04-15 22:05:54 ----D---- C:\Windows\ERDNT
2011-04-15 22:05:41 ----D---- C:\Program Files\ERUNT
2011-04-14 19:56:52 ----D---- C:\Program Files\trend micro
2011-04-14 19:56:43 ----D---- C:\rsit
2011-04-14 00:46:02 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-04-14 00:46:02 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-04-14 00:46:01 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-04-14 00:45:17 ----A---- C:\Windows\system32\aswBoot.exe
2011-04-14 00:45:02 ----D---- C:\ProgramData\AVAST Software
2011-04-14 00:45:02 ----D---- C:\Program Files\AVAST Software
2011-04-13 21:31:07 ----D---- C:\Users\pat\AppData\Roaming\Malwarebytes
2011-04-13 21:30:43 ----D---- C:\ProgramData\Malwarebytes
2011-04-13 21:30:43 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-04-13 21:30:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-13 21:30:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-04-12 22:34:22 ----D---- C:\Program Files\Conduit
2011-04-12 22:33:56 ----A---- C:\Windows\system32\vsregexp.dll
2011-04-12 22:33:24 ----A---- C:\Windows\system32\zlcommdb.dll
2011-04-12 22:33:24 ----A---- C:\Windows\system32\zlcomm.dll
2011-04-12 22:33:17 ----A---- C:\Windows\system32\vswmi.dll
2011-04-12 22:33:09 ----A---- C:\Windows\system32\zpeng25.dll
2011-04-12 22:33:08 ----A---- C:\Windows\system32\vsxml.dll
2011-04-12 22:32:59 ----A---- C:\Windows\system32\vspubapi.dll
2011-04-12 22:32:58 ----A---- C:\Windows\system32\vsmonapi.dll
2011-04-12 22:32:46 ----A---- C:\Windows\system32\vsdata.dll
2011-04-12 22:32:34 ----D---- C:\Windows\system32\ZoneLabs
2011-04-12 22:32:34 ----A---- C:\Windows\system32\drivers\vsdatant.sys
2011-04-12 22:32:33 ----D---- C:\Program Files\Zone Labs
2011-04-12 22:31:42 ----A---- C:\Windows\system32\vsutil.dll
2011-04-12 22:31:42 ----A---- C:\Windows\system32\vsinit.dll
2011-04-12 22:06:10 ----HD---- C:\ProgramData\Common Files
2011-04-12 22:02:45 ----D---- C:\ProgramData\AVG10
2011-04-12 21:56:16 ----D---- C:\ProgramData\MFAData
2011-04-12 21:11:21 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-12 21:11:20 ----A---- C:\Windows\system32\mfc42.dll
2011-04-12 21:11:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-12 21:11:13 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-12 21:11:12 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-12 21:11:03 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-12 20:37:37 ----A---- C:\Windows\system32\win32k.sys
2011-04-12 20:37:32 ----A---- C:\Windows\system32\atmfd.dll
2011-04-12 20:37:31 ----A---- C:\Windows\system32\atmlib.dll
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-11 23:53:04 ----D---- C:\Windows\Internet Logs
2011-04-05 18:32:27 ----A---- C:\Windows\system32\msls31.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\wininet.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\iertutil.dll
2011-04-05 18:32:25 ----A---- C:\Windows\system32\urlmon.dll
2011-04-05 18:32:25 ----A---- C:\Windows\system32\msrating.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-05 18:32:24 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-05 18:32:24 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\ieui.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\ieframe.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\url.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iesetup.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iernonce.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-05 18:32:22 ----A---- C:\Windows\system32\icardie.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\webcheck.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\inseng.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\wextract.exe
2011-04-05 18:32:20 ----A---- C:\Windows\system32\vbscript.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\iexpress.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\occache.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\mshtml.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\mshta.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieakui.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\admparse.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\jscript9.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\jscript.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\imgutil.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\iepeers.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\advpack.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-05 18:32:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-02 16:41:57 ----D---- C:\Windows\en
2011-04-02 16:31:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-04-02 16:26:25 ----D---- C:\Windows\PCHEALTH
2011-03-22 20:05:32 ----A---- C:\Windows\system32\DWrite.dll
2011-03-22 20:05:31 ----A---- C:\Windows\system32\FntCache.dll
2011-03-22 20:05:26 ----A---- C:\Windows\system32\XpsGdiConverter.dll

======List of files/folders modified in the last 1 months======

2011-04-15 22:49:31 ----D---- C:\Windows\Temp
2011-04-15 22:18:56 ----SHD---- C:\System Volume Information
2011-04-15 22:11:01 ----D---- C:\Windows\Tasks
2011-04-15 22:05:54 ----D---- C:\WINDOWS
2011-04-15 22:05:41 ----D---- C:\Program Files
2011-04-15 19:28:24 ----HD---- C:\ProgramData
2011-04-14 21:59:28 ----AD---- C:\ProgramData\TEMP
2011-04-14 21:59:08 ----D---- C:\Program Files\SpywareBlaster
2011-04-14 00:46:02 ----D---- C:\Windows\system32\drivers
2011-04-14 00:45:52 ----SHD---- C:\Windows\Installer
2011-04-14 00:45:17 ----D---- C:\Windows\System32
2011-04-13 22:40:57 ----D---- C:\Windows\Microsoft.NET
2011-04-13 22:40:52 ----RSD---- C:\Windows\assembly
2011-04-13 20:51:57 ----D---- C:\Windows\Prefetch
2011-04-13 20:34:44 ----D---- C:\Windows\system32\Tasks
2011-04-13 01:09:27 ----D---- C:\Windows\Minidump
2011-04-13 01:09:27 ----D---- C:\Windows\Debug
2011-04-13 00:55:42 ----D---- C:\Program Files\CCleaner
2011-04-12 22:32:40 ----D---- C:\Windows\system32\catroot
2011-04-12 22:32:39 ----D---- C:\Windows\inf
2011-04-12 22:08:19 ----D---- C:\Windows\winsxs
2011-04-12 21:49:26 ----D---- C:\ProgramData\Virgin Media
2011-04-12 21:49:24 ----D---- C:\Users\pat\AppData\Roaming\Virgin Media
2011-04-12 21:17:37 ----D---- C:\Program Files\Windows Mail
2011-04-12 20:44:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-12 20:42:46 ----D---- C:\Windows\system32\catroot2
2011-04-12 20:40:07 ----A---- C:\Windows\system32\mrt.exe
2011-04-12 20:39:19 ----D---- C:\Program Files\Common Files\microsoft shared
2011-04-05 21:35:26 ----D---- C:\ProgramData\NOS
2011-04-05 21:31:22 ----SD---- C:\Windows\Downloaded Program Files
2011-04-05 19:02:30 ----D---- C:\Windows\rescache
2011-04-05 18:35:04 ----RD---- C:\Windows\Offline Web Pages
2011-04-05 18:35:04 ----D---- C:\Windows\system32\wbem
2011-04-05 18:35:04 ----D---- C:\Windows\system32\migration
2011-04-05 18:35:04 ----D---- C:\Windows\system32\en-US
2011-04-05 18:35:04 ----D---- C:\Windows\PolicyDefinitions
2011-04-05 18:35:04 ----D---- C:\Program Files\Internet Explorer
2011-04-02 16:30:47 ----D---- C:\Program Files\Windows Live
2011-04-02 16:26:29 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 457304]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-10-29 162088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-26 201728]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-25 14904]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-10-29 43520]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 Profos;Profos; \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-20 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-06 144688]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\System32\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
And the last one:


2010/12/08 01:11:02.139 03008: Debug: - Start -
2010/12/08 01:11:02.139 03008: Debug: ------------------------------------------------------------------------
2010/12/08 01:11:02.139 03008: Debug: WinMain(32): Command line (/uninstall /Silent /RemoveOemPackages)
2010/12/08 01:11:02.139 03008: Debug: InstallArgs(): /Uninstall chosen
2010/12/08 01:11:02.139 03008: Debug: InstallArgs(): /Silent chosen
2010/12/08 01:11:02.139 03008: Debug: InstallArgs(): /RemoveOemPackages chosen
2010/12/08 01:11:02.139 03008: Debug: ShutdownServer(): Shutting down service PCToolsFirewallPlus
2010/12/08 01:11:02.139 03008: Error: ServiceManager::ServiceExists(PCToolsFirewallPlus): OpenService failed, error (Windows OS Error - The specified service does not exist as an installed service.)
2010/12/08 01:11:02.139 03008: Func: UninstallNDISDriver(1, 1): Start
2010/12/08 01:11:02.139 03008: Func: UninstallNDISDriver(pctNDIS): Start
2010/12/08 01:11:02.170 03008: Func: CNdisDriverInstaller::UninstallNT(PCTNdis, S4E_PCTNDISMP, {4D36E972-E325-11CE-BFC1-08002bE10318}, C:\WINDOWS\System32\drivers\pctNdis.sys, pctNDIS, PNP_TDI): Start
2010/12/08 01:11:02.170 03008: Func: CNdisDriverInstaller::IsInstalledNT(PCTNdis): Start
2010/12/08 01:11:02.186 03008: Debug: CNdisDriverInstaller::IsInstalledNT(PCTNdis): Component found
2010/12/08 01:11:02.186 03008: Func: CNdisDriverInstaller::IsInstalledNT(PCTNdis): End, hr = 0x0
2010/12/08 01:11:02.201 03008: Debug: HrUninstallNetComponent
2010/12/08 01:11:02.201 03008: Error: CNdisDriverInstaller::UninstallNT () failed to get tag for service('pctNDIS')
2010/12/08 01:11:02.217 03008: Func: HrUninstallNetComponent(): Start
2010/12/08 01:11:05.150 03008: Func: HrUninstallNetComponent(): Done with result: 0x00000000.
2010/12/08 01:11:05.259 03008: Debug: CNdisDriverInstaller::UninstallNT hr = 0
2010/12/08 01:11:05.259 03008: Warn: CRegistry::Open(0x18c, pctNDIS): failed, error (Windows OS Error - The system cannot find the file specified.)
2010/12/08 01:11:05.259 03008: Error: CNdisDriverInstaller::UninstallNT () failed to remove service from order list
2010/12/08 01:11:05.259 03008: Func: CNTService::Uninstall(0): Start
2010/12/08 01:11:05.259 03008: Func: CNTService::Installed(): Start
2010/12/08 01:11:05.259 03008: Func: CNTService::Service(): Start
2010/12/08 01:11:05.259 03008: Func: CNTService::Service(): End, return 0x0
2010/12/08 01:11:05.275 03008: Func: CNTService::Installed(): End, Service not installed
2010/12/08 01:11:05.275 03008: Func: CNTService::Uninstall(0): End
2010/12/08 01:11:05.275 03008: Func: CNdisDriverInstaller::UninstallNT(PCTNdis, S4E_PCTNDISMP, {4D36E972-E325-11CE-BFC1-08002bE10318}, C:\WINDOWS\System32\drivers\pctNdis.sys, pctNDIS, PNP_TDI): End, Ret: 1
2010/12/08 01:11:05.275 03008: Func: RemoveOemPackages(1): Start
2010/12/08 01:11:05.275 03008: Func: CNdisDriverInstaller::IsInstalledNT(PCTNdis): Start
2010/12/08 01:11:05.275 03008: Func: CNdisDriverInstaller::IsInstalledNT(PCTNdis): End, hr = 0x1
2010/12/08 01:11:05.275 03008: Func: CNdisDriverInstaller::RemovePreviousINF(): Start
2010/12/08 01:11:05.275 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem0.inf ): start
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E979-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem0.inf ): done with result: false
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem1.inf ): start
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E979-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.290 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem1.inf ): done with result: false
2010/12/08 01:11:05.306 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem10.inf ): start
2010/12/08 01:11:05.321 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.321 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: CXT
2010/12/08 01:11:05.337 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.337 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96D-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.353 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem10.inf ): done with result: false
2010/12/08 01:11:05.353 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem11.inf ): start
2010/12/08 01:11:05.462 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.477 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: CXT
2010/12/08 01:11:05.477 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.477 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96D-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.477 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem11.inf ): done with result: false
2010/12/08 01:11:05.477 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem12.inf ): start
2010/12/08 01:11:05.524 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.524 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Broadcom
2010/12/08 01:11:05.524 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.524 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:05.524 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem12.inf ): done with result: false
2010/12/08 01:11:05.524 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem13.inf ): start
2010/12/08 01:11:05.540 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.540 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Atheros Communications Inc.
2010/12/08 01:11:05.540 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.540 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:05.540 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem13.inf ): done with result: false
2010/12/08 01:11:05.555 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem15.inf ): start
2010/12/08 01:11:05.555 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.571 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Alps
2010/12/08 01:11:05.571 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.571 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96F-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.571 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem15.inf ): done with result: false
2010/12/08 01:11:05.571 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem16.inf ): start
2010/12/08 01:11:05.587 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.602 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Realtek Semiconductor Corp.
2010/12/08 01:11:05.618 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.618 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:05.618 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem16.inf ): done with result: false
2010/12/08 01:11:05.618 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem17.inf ): start
2010/12/08 01:11:05.633 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.649 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Intel
2010/12/08 01:11:05.649 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.649 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96A-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.665 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem17.inf ): done with result: false
2010/12/08 01:11:05.665 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem18.inf ): start
2010/12/08 01:11:05.665 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.665 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Intel
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E97D-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem18.inf ): done with result: false
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem19.inf ): start
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Intel
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E97D-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem19.inf ): done with result: false
2010/12/08 01:11:05.680 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem2.inf ): start
2010/12/08 01:11:05.696 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.696 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Radialpoint, Inc.
2010/12/08 01:11:05.696 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.696 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E974-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.696 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem2.inf ): done with result: false
2010/12/08 01:11:05.711 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem20.inf ): start
2010/12/08 01:11:05.711 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.711 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Hewlett-Packard
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem20.inf ): done with result: false
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem21.inf ): start
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Hewlett-Packard Development Company, L.P.
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96B-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem21.inf ): done with result: false
2010/12/08 01:11:05.727 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem22.inf ): start
2010/12/08 01:11:05.743 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.758 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Conexant
2010/12/08 01:11:05.758 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.758 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e96c-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:05.758 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem22.inf ): done with result: false
2010/12/08 01:11:05.758 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem23.inf ): start
2010/12/08 01:11:05.774 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.774 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: CXT
2010/12/08 01:11:05.774 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.774 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96D-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.774 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem23.inf ): done with result: false
2010/12/08 01:11:05.774 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem24.inf ): start
2010/12/08 01:11:05.789 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.836 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Alps
2010/12/08 01:11:05.836 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.836 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96F-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.836 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem24.inf ): done with result: false
2010/12/08 01:11:05.836 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem25.inf ): start
2010/12/08 01:11:05.867 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.867 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Intel Corporation
2010/12/08 01:11:05.883 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.914 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E968-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:05.914 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem25.inf ): done with result: false
2010/12/08 01:11:05.945 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem26.inf ): start
2010/12/08 01:11:05.961 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:05.992 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Realtek Semiconductor Corp.
2010/12/08 01:11:05.992 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:05.992 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:06.008 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem26.inf ): done with result: false
2010/12/08 01:11:06.008 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem27.inf ): start
2010/12/08 01:11:06.039 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.039 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft
2010/12/08 01:11:06.055 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.055 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E979-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:06.055 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem27.inf ): done with result: false
2010/12/08 01:11:06.055 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem28.inf ): start
2010/12/08 01:11:06.086 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.117 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Eastman Kodak
2010/12/08 01:11:06.133 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.133 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {EEC5AD98-8080-425f-922A-DABF3DE3F69A}
2010/12/08 01:11:06.164 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem28.inf ): done with result: false
2010/12/08 01:11:06.164 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem29.inf ): start
2010/12/08 01:11:06.164 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.195 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Eastman Kodak Company
2010/12/08 01:11:06.195 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.195 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E979-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:06.195 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem29.inf ): done with result: false
2010/12/08 01:11:06.195 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem3.inf ): start
2010/12/08 01:11:06.226 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.226 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Atheros Communications Inc.
2010/12/08 01:11:06.226 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.226 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:06.304 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem3.inf ): done with result: false
2010/12/08 01:11:06.304 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem30.inf ): start
2010/12/08 01:11:06.335 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.367 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Realtek Semiconductor Corp.
2010/12/08 01:11:06.367 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.367 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:06.367 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem30.inf ): done with result: false
2010/12/08 01:11:06.382 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem31.inf ): start
2010/12/08 01:11:06.413 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.413 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Radialpoint, Inc.
2010/12/08 01:11:06.413 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.429 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E972-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:06.429 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem31.inf ): done with result: false
2010/12/08 01:11:06.429 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem32.inf ): start
2010/12/08 01:11:06.460 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.460 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Radialpoint, Inc.
2010/12/08 01:11:06.460 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.460 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {3C9A56DA-221C-483f-A5D7-036D4FE9F4A7}
2010/12/08 01:11:06.460 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem32.inf ): done with result: false
2010/12/08 01:11:06.460 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem33.inf ): start
2010/12/08 01:11:06.772 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:06.866 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: PC Tools
2010/12/08 01:11:06.881 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:06.881 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E974-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:06.881 03008: Debug: CNdisDriverInstaller::IsPCToolsNdisInf(): found matched string: ; -- pctNdis.inf --
2010/12/08 01:11:06.881 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem33.inf ): done with result: true
2010/12/08 01:11:06.881 03008: Debug: CNdisDriverInstaller::RemovePreviousINF(): Found PC Tools package; oem33.inf. Removing...
2010/12/08 01:11:06.881 03008: Func: CNdisDriverInstaller::RemoveOemPackage(oem33.inf): Start
2010/12/08 01:11:10.828 03008: Debug: CNdisDriverInstaller::RemoveOemPackage(oem33.inf): done
2010/12/08 01:11:10.828 03008: Func: CNdisDriverInstaller::RemoveOemPackage(oem33.inf): End, Ret=1
2010/12/08 01:11:10.844 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem34.inf ): start
2010/12/08 01:11:10.875 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:10.875 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Hewlett-Packard Development Company, L.P.
2010/12/08 01:11:10.891 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:10.891 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
2010/12/08 01:11:10.891 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem34.inf ): done with result: false
2010/12/08 01:11:10.891 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem35.inf ): start
2010/12/08 01:11:10.969 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:10.969 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft Corporation
2010/12/08 01:11:10.969 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:10.969 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:10.969 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem35.inf ): done with result: false
2010/12/08 01:11:10.969 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem36.inf ): start
2010/12/08 01:11:11.015 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:11.015 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft Corporation
2010/12/08 01:11:11.015 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:11.015 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:11.015 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem36.inf ): done with result: false
2010/12/08 01:11:11.015 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem37.inf ): start
2010/12/08 01:11:11.093 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:11.109 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft
2010/12/08 01:11:11.109 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:11.109 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}
2010/12/08 01:11:11.125 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem37.inf ): done with result: false
2010/12/08 01:11:11.125 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem38.inf ): start
2010/12/08 01:11:11.234 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:11.234 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft Corporation
2010/12/08 01:11:11.234 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:11.234 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}
2010/12/08 01:11:11.234 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem38.inf ): done with result: false
2010/12/08 01:11:11.234 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem39.inf ): start
2010/12/08 01:11:11.281 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:11.281 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Microsoft Corporation
2010/12/08 01:11:11.281 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:11.281 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {EEC5AD98-8080-425f-922A-DABF3DE3F69A}
2010/12/08 01:11:11.296 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem39.inf ): done with result: false
2010/12/08 01:11:11.296 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem4.inf ): start
2010/12/08 01:11:11.327 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:11.327 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Conexant
2010/12/08 01:11:11.327 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:11.327 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e96c-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:11.327 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem4.inf ): done with result: false
2010/12/08 01:11:11.327 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem40.inf ): start
2010/12/08 01:11:11.359 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:11.359 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: PC Tools
2010/12/08 01:11:11.359 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:11.359 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e972-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:11.359 03008: Debug: CNdisDriverInstaller::IsPCToolsNdisInf(): found matched string: ; -- pctNdis_m.inf --
2010/12/08 01:11:11.359 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem40.inf ): done with result: true
2010/12/08 01:11:11.359 03008: Debug: CNdisDriverInstaller::RemovePreviousINF(): Found PC Tools package; oem40.inf. Removing...
2010/12/08 01:11:11.359 03008: Func: CNdisDriverInstaller::RemoveOemPackage(oem40.inf): Start
2010/12/08 01:11:12.685 03008: Debug: CNdisDriverInstaller::RemoveOemPackage(oem40.inf): done
2010/12/08 01:11:12.700 03008: Func: CNdisDriverInstaller::RemoveOemPackage(oem40.inf): End, Ret=1
2010/12/08 01:11:12.700 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem5.inf ): start
2010/12/08 01:11:12.747 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:12.809 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Conexant
2010/12/08 01:11:12.809 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:12.856 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e96c-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:12.856 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem5.inf ): done with result: false
2010/12/08 01:11:12.856 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem6.inf ): start
2010/12/08 01:11:12.934 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:12.934 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Conexant
2010/12/08 01:11:13.075 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:13.075 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e96c-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:13.090 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem6.inf ): done with result: false
2010/12/08 01:11:13.090 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem7.inf ): start
2010/12/08 01:11:13.184 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:13.184 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: Conexant
2010/12/08 01:11:13.184 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:13.199 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4d36e96c-e325-11ce-bfc1-08002be10318}
2010/12/08 01:11:13.215 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem7.inf ): done with result: false
2010/12/08 01:11:13.277 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem8.inf ): start
2010/12/08 01:11:13.465 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:13.465 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: CXT
2010/12/08 01:11:13.480 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:13.496 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96D-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:13.496 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem8.inf ): done with result: false
2010/12/08 01:11:13.496 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem9.inf ): start
2010/12/08 01:11:13.574 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: Provider, Index: 1 ): start
2010/12/08 01:11:13.605 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: CXT
2010/12/08 01:11:13.621 03008: Func: CNdisDriverInstaller::GetInfStringField( Section: Version, Key: ClassGUID, Index: 1 ): start
2010/12/08 01:11:13.636 03008: Func: CNdisDriverInstaller::GetInfStringField(): done with result: true. Value: {4D36E96D-E325-11CE-BFC1-08002BE10318}
2010/12/08 01:11:13.636 03008: Func: CNdisDriverInstaller::IsPCToolsNdisInf( oem9.inf ): done with result: false
2010/12/08 01:11:13.636 03008: Func: CNdisDriverInstaller::RemovePreviousINF(): End, Found=1
2010/12/08 01:11:13.636 03008: Func: RemoveOemPackages(1): End, Ret=1
2010/12/08 01:11:13.808 03008: Func: UninstallNDISDriver(1, 1): End, Ret=1
2010/12/08 01:11:13.933 03008: Func: CNTService::Installed(): Start
2010/12/08 01:11:13.933 03008: Func: CNTService::Service(): Start
2010/12/08 01:11:13.933 03008: Func: CNTService::Service(): End, return 0x27f240
2010/12/08 01:11:13.948 03008: Func: CNTService::Installed(): End, Service installed
2010/12/08 01:11:13.948 03008: Func: CNTService::Uninstall(0): Start
2010/12/08 01:11:13.948 03008: Func: CNTService::Installed(): Start
2010/12/08 01:11:13.948 03008: Func: CNTService::Service(): Start
2010/12/08 01:11:13.948 03008: Func: CNTService::Service(): End, return 0x27f0b0
2010/12/08 01:11:13.948 03008: Func: CNTService::Installed(): End, Service installed
2010/12/08 01:11:13.979 03008: Debug: CNTService::Uninstall(): Service installed
2010/12/08 01:11:13.979 03008: Func: CNTService::Service(): Start
2010/12/08 01:11:13.979 03008: Func: CNTService::Service(): End, return 0x27f448
2010/12/08 01:11:13.979 03008: Debug: CNTService::Uninstall(): Deleting service
2010/12/08 01:11:13.979 03008: Func: CNTService::Installed(): Start
2010/12/08 01:11:13.979 03008: Func: CNTService::Service(): Start
2010/12/08 01:11:13.979 03008: Func: CNTService::Service(): End, return 0x27f240
2010/12/08 01:11:13.979 03008: Func: CNTService::Installed(): End, Service installed
2010/12/08 01:11:13.995 03008: Func: CNTService::Uninstall(0): End
2010/12/08 01:11:13.995 03008: Func: CNTService::Installed(): Start
2010/12/08 01:11:13.995 03008: Func: CNTService::Service(): Start
2010/12/08 01:11:14.026 03008: Func: CNTService::Service(): End, return 0x0
2010/12/08 01:11:14.291 03008: Func: CNTService::Installed(): End, Service not installed
2010/12/08 01:11:14.307 03008: Debug: WinMain(): Result = 0
I hope they are all right. The machine is much better now, thanks. Leo

Re: log

Post by Cypher » April 16th, 2011, 5:44 am

Hi.
It appears part of that last fix failed so we need to run it again.
Please be sure to follow these instructions carefully.

Re-run OTM
  • Double-click OTM.exe to run it.
  • Right-click, then copy the following code. Do not include the word Code.
    Code:
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=-
    "Start Page"="http://www.msn.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{04666517-d7b9-43c9-b329-cd7a30ff0079}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{04666517-d7b9-43c9-b329-cd7a30ff0079}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [ClearAllRestorePoints]
    [start explorer]
    [Reboot]
    

  • Return to OTM, right-click, then paste the code into the blank box below [image].
  • Next, click on the large [image] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"... will be reproduced. (It will be maximized.)
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.

Re: log

Post by leo-the-lion » April 16th, 2011, 1:29 pm

This is the OTM log:

Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]> in the current context!
Error: Unable to interpret <"Default_Page_URL"=-> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]> in the current context!
Error: Unable to interpret <"Default_Page_URL"=-> in the current context!
Error: Unable to interpret <"Start Page"="http://www.msn.com"> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]> in the current context!
Error: Unable to interpret <"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"> in the current context!
Error: Unable to interpret <"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]> in the current context!
Error: Unable to interpret <"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-> in the current context!
Error: Unable to interpret <[-HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]> in the current context!
Error: Unable to interpret <"{04666517-d7b9-43c9-b329-cd7a30ff0079}"=-> in the current context!
Error: Unable to interpret <[-HKEY_CLASSES_ROOT\CLSID\{04666517-d7b9-43c9-b329-cd7a30ff0079}]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]> in the current context!
Error: Unable to interpret <"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-> in the current context!
Error: Unable to interpret <[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]> in the current context!
Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\pat\Desktop\cmd.bat deleted successfully.
C:\Users\pat\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pat
->Temp folder emptied: 132369 bytes
->Temporary Internet Files folder emptied: 1991155 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 04162011_181656

Files moved on Reboot...
C:\Users\pat\AppData\Local\Temp\~DF623C.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File C:\Windows\temp\ZLT01916.TMP not found!

Registry entries deleted on Reboot...

Re: log

Post by leo-the-lion » April 16th, 2011, 1:32 pm

This is the RSIT log:

Run by pat at 2011-04-16 18:29:56
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 201 GB (90%) free of 223 GB
Total RAM: 1013 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:30:32, on 16/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\pat\Desktop\RSIT.exe
C:\Program Files\trend micro\pat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
R3 - URLSearchHook: (no name) - {04666517-d7b9-43c9-b329-cd7a30ff0079} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SE1F5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.sultangardens.com/ipixx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - http://downloads.virginmedia.com/CST/ve ... taller.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7614 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-10-25 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-14 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-09 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-02 1783136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2010-01-27 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-04-15 22:10:51 ----D---- C:\_OTM
2011-04-15 22:05:54 ----D---- C:\Windows\ERDNT
2011-04-15 22:05:41 ----D---- C:\Program Files\ERUNT
2011-04-14 19:56:52 ----D---- C:\Program Files\trend micro
2011-04-14 19:56:43 ----D---- C:\rsit
2011-04-14 00:46:02 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-04-14 00:46:02 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-04-14 00:46:01 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-04-14 00:46:00 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-04-14 00:45:17 ----A---- C:\Windows\system32\aswBoot.exe
2011-04-14 00:45:02 ----D---- C:\ProgramData\AVAST Software
2011-04-14 00:45:02 ----D---- C:\Program Files\AVAST Software
2011-04-13 21:31:07 ----D---- C:\Users\pat\AppData\Roaming\Malwarebytes
2011-04-13 21:30:43 ----D---- C:\ProgramData\Malwarebytes
2011-04-13 21:30:43 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-04-13 21:30:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-04-13 21:30:36 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-04-12 22:34:22 ----D---- C:\Program Files\Conduit
2011-04-12 22:33:56 ----A---- C:\Windows\system32\vsregexp.dll
2011-04-12 22:33:24 ----A---- C:\Windows\system32\zlcommdb.dll
2011-04-12 22:33:24 ----A---- C:\Windows\system32\zlcomm.dll
2011-04-12 22:33:17 ----A---- C:\Windows\system32\vswmi.dll
2011-04-12 22:33:09 ----A---- C:\Windows\system32\zpeng25.dll
2011-04-12 22:33:08 ----A---- C:\Windows\system32\vsxml.dll
2011-04-12 22:32:59 ----A---- C:\Windows\system32\vspubapi.dll
2011-04-12 22:32:58 ----A---- C:\Windows\system32\vsmonapi.dll
2011-04-12 22:32:46 ----A---- C:\Windows\system32\vsdata.dll
2011-04-12 22:32:34 ----D---- C:\Windows\system32\ZoneLabs
2011-04-12 22:32:34 ----A---- C:\Windows\system32\drivers\vsdatant.sys
2011-04-12 22:32:33 ----D---- C:\Program Files\Zone Labs
2011-04-12 22:31:42 ----A---- C:\Windows\system32\vsutil.dll
2011-04-12 22:31:42 ----A---- C:\Windows\system32\vsinit.dll
2011-04-12 22:06:10 ----HD---- C:\ProgramData\Common Files
2011-04-12 22:02:45 ----D---- C:\ProgramData\AVG10
2011-04-12 21:56:16 ----D---- C:\ProgramData\MFAData
2011-04-12 21:11:21 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-12 21:11:20 ----A---- C:\Windows\system32\mfc42.dll
2011-04-12 21:11:13 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-12 21:11:13 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-12 21:11:12 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-12 21:11:03 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-12 20:37:40 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-12 20:37:37 ----A---- C:\Windows\system32\win32k.sys
2011-04-12 20:37:32 ----A---- C:\Windows\system32\atmfd.dll
2011-04-12 20:37:31 ----A---- C:\Windows\system32\atmlib.dll
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-12 20:37:28 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-11 23:53:04 ----D---- C:\Windows\Internet Logs
2011-04-05 18:32:27 ----A---- C:\Windows\system32\msls31.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\wininet.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\jsproxy.dll
2011-04-05 18:32:26 ----A---- C:\Windows\system32\iertutil.dll
2011-04-05 18:32:25 ----A---- C:\Windows\system32\urlmon.dll
2011-04-05 18:32:25 ----A---- C:\Windows\system32\msrating.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-04-05 18:32:24 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-04-05 18:32:24 ----A---- C:\Windows\system32\mshtmler.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\ieui.dll
2011-04-05 18:32:24 ----A---- C:\Windows\system32\iesysprep.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\ieframe.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\dxtrans.dll
2011-04-05 18:32:23 ----A---- C:\Windows\system32\dxtmsft.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\url.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iesetup.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iernonce.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\iedkcs32.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-05 18:32:22 ----A---- C:\Windows\system32\ie4uinit.exe
2011-04-05 18:32:22 ----A---- C:\Windows\system32\icardie.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\webcheck.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\licmgr10.dll
2011-04-05 18:32:21 ----A---- C:\Windows\system32\inseng.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\wextract.exe
2011-04-05 18:32:20 ----A---- C:\Windows\system32\vbscript.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-05 18:32:20 ----A---- C:\Windows\system32\iexpress.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\pngfilt.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\occache.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\mshtml.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\mshta.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieUnatt.exe
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieakui.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\ieaksie.dll
2011-04-05 18:32:19 ----A---- C:\Windows\system32\admparse.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\jscript9.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\jscript.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\imgutil.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\iepeers.dll
2011-04-05 18:32:18 ----A---- C:\Windows\system32\advpack.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\msfeedssync.exe
2011-04-05 18:32:17 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\ieakeng.dll
2011-04-05 18:32:17 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-04-02 16:41:57 ----D---- C:\Windows\en
2011-04-02 16:31:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2011-04-02 16:26:25 ----D---- C:\Windows\PCHEALTH
2011-03-22 20:05:32 ----A---- C:\Windows\system32\DWrite.dll
2011-03-22 20:05:31 ----A---- C:\Windows\system32\FntCache.dll
2011-03-22 20:05:26 ----A---- C:\Windows\system32\XpsGdiConverter.dll

======List of files/folders modified in the last 1 months======

2011-04-16 18:29:55 ----D---- C:\Windows\Temp
2011-04-16 18:19:07 ----SHD---- C:\System Volume Information
2011-04-15 22:11:01 ----D---- C:\Windows\Tasks
2011-04-15 22:05:54 ----D---- C:\WINDOWS
2011-04-15 22:05:41 ----D---- C:\Program Files
2011-04-15 19:28:24 ----HD---- C:\ProgramData
2011-04-14 21:59:28 ----AD---- C:\ProgramData\TEMP
2011-04-14 21:59:08 ----D---- C:\Program Files\SpywareBlaster
2011-04-14 00:46:02 ----D---- C:\Windows\system32\drivers
2011-04-14 00:45:52 ----SHD---- C:\Windows\Installer
2011-04-14 00:45:17 ----D---- C:\Windows\System32
2011-04-13 22:40:57 ----D---- C:\Windows\Microsoft.NET
2011-04-13 22:40:52 ----RSD---- C:\Windows\assembly
2011-04-13 20:51:57 ----D---- C:\Windows\Prefetch
2011-04-13 20:34:44 ----D---- C:\Windows\system32\Tasks
2011-04-13 01:09:27 ----D---- C:\Windows\Minidump
2011-04-13 01:09:27 ----D---- C:\Windows\Debug
2011-04-13 00:55:42 ----D---- C:\Program Files\CCleaner
2011-04-12 22:32:40 ----D---- C:\Windows\system32\catroot
2011-04-12 22:32:39 ----D---- C:\Windows\inf
2011-04-12 22:08:19 ----D---- C:\Windows\winsxs
2011-04-12 21:49:26 ----D---- C:\ProgramData\Virgin Media
2011-04-12 21:49:24 ----D---- C:\Users\pat\AppData\Roaming\Virgin Media
2011-04-12 21:17:37 ----D---- C:\Program Files\Windows Mail
2011-04-12 20:44:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-12 20:42:46 ----D---- C:\Windows\system32\catroot2
2011-04-12 20:40:07 ----A---- C:\Windows\system32\mrt.exe
2011-04-12 20:39:19 ----D---- C:\Program Files\Common Files\microsoft shared
2011-04-05 21:35:26 ----D---- C:\ProgramData\NOS
2011-04-05 21:31:22 ----SD---- C:\Windows\Downloaded Program Files
2011-04-05 19:02:30 ----D---- C:\Windows\rescache
2011-04-05 18:35:04 ----RD---- C:\Windows\Offline Web Pages
2011-04-05 18:35:04 ----D---- C:\Windows\system32\wbem
2011-04-05 18:35:04 ----D---- C:\Windows\system32\migration
2011-04-05 18:35:04 ----D---- C:\Windows\system32\en-US
2011-04-05 18:35:04 ----D---- C:\Windows\PolicyDefinitions
2011-04-05 18:35:04 ----D---- C:\Program Files\Internet Explorer
2011-04-02 16:30:47 ----D---- C:\Program Files\Windows Live
2011-04-02 16:26:29 ----SD---- C:\ProgramData\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-02-23 25432]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-02-23 371544]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-02-23 301528]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-02-23 49240]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 457304]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-10-29 162088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-26 201728]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-25 14904]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-10-29 43520]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 Profos;Profos; \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-20 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-06 144688]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\System32\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
leo-the-lion
Active Member
 
Posts: 13
Joined: April 11th, 2011, 8:57 pm

Re: log

by Cypher » April 16th, 2011, 1:54 pm

Hi.
Ok that fix has failed again so we try again a different way.

Registry fix file.

  • Please copy the contents, including any blank lines, of the Code Box below to Notepad. Do not include the word CODE:

    Code:
    Windows Registry Editor Version 5.00 
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=-
    "Start Page"="http://www.msn.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{04666517-d7b9-43c9-b329-cd7a30ff0079}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{04666517-d7b9-43c9-b329-cd7a30ff0079}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    
    
  • Make sure there are NO blank lines before Windows Registry Editor Version 5.00...
  • Name the file fix1.reg
  • Change the Save as Type to All Files
  • Save it to your desktop.
  • Right-click on the fix1.reg file and select " Run as administrator " to run it.
  • When prompted to merge reply "Yes".

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. ( it will be maximized )
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Logs/Information to Post in your Next Reply

  • RSIT log.txt.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
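
A read-only preview of a .reg fix like the one posted above, added here as an example (it is not part of the original thread or of any tool mentioned in it): it lists every key deletion, value deletion and value set so the changes can be reviewed before merging, and it rejects a file whose first line is not the version header. The function names and the shortened sample are constructed for illustration; multi-line hex data is not handled and is rejected.

```python
import re
from collections import Counter

HEADER = "Windows Registry Editor Version 5.00"

# Shortened excerpt of the fix1.reg content from the post (constructed sample).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=-
"Start Page"="http://www.msn.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
[-HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
'''

# A value line is @=data or "name"=data; the name may contain escaped characters.
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _unquote(quoted):
    """Strip the surrounding quotes and undo backslash escapes in a value name."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def parse_reg(text):
    """Return a list of (operation, key, value_name, data) tuples.

    operation is 'delete_key', 'delete_value' or 'set_value'.
    Raises ValueError if the header is not the first line or a line is not understood.
    """
    lines = text.splitlines()
    if not lines or lines[0].lstrip("\ufeff").rstrip() != HEADER:
        raise ValueError("first line must be the version header (no blank lines before it)")
    ops, key = [], None
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):
                # [-KEY] removes the key and everything under it
                ops.append(("delete_key", inner[1:], None, None))
                key = None
            else:
                key = inner
            continue
        match = _VALUE_RE.match(line)
        if match is None or key is None:
            raise ValueError(f"line {number}: unexpected content: {line!r}")
        name = "(Default)" if match.group(1) == "@" else _unquote(match.group(1))
        data = match.group(2)
        if data == "-":
            # "name"=- removes a single value and leaves the key in place
            ops.append(("delete_value", key, name, None))
        else:
            ops.append(("set_value", key, name, data))
    return ops


def summarize(ops):
    """Count operations by type."""
    return dict(Counter(op[0] for op in ops))


def machine_wide(ops):
    """Operations outside the current user's hive.

    HKEY_LOCAL_MACHINE holds machine-wide settings and HKEY_CLASSES_ROOT is a
    merged view that includes it; writes there normally need administrator rights.
    """
    roots = ("HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT")
    return [op for op in ops if op[1].split("\\", 1)[0].upper() in roots]


if __name__ == "__main__":
    for kind, key, name, data in parse_reg(SAMPLE_REG):
        detail = "" if name is None else f" :: {name}" + (f" = {data}" if data else "")
        print(f"{kind:12} {key}{detail}")
    print(summarize(parse_reg(SAMPLE_REG)))
```
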

Re: log

by leo-the-lion » April 16th, 2011, 2:36 pm

Hi, I can't get fix1.reg to work. I cannot run it as administrator; there is no option. If I just double-click it, it wants to add to the registry. I don't know if this is right, so I haven't done it. Thanks, leo
leo-the-lion
Active Member
 
Posts: 13
Joined: April 11th, 2011, 8:57 pm

Re: log

by Cypher » April 16th, 2011, 2:42 pm

Ok leave that for now.
I need you to run another scan for me.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scanner


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: log

by leo-the-lion » April 16th, 2011, 4:40 pm

I ran the ESET online scanner. It found nothing. I didn't get a log. Thanks, leo
leo-the-lion
Active Member
 
Posts: 13
Joined: April 11th, 2011, 8:57 pm

Re: log

by leo-the-lion » April 16th, 2011, 5:06 pm

I think I managed to get the OTM log working, so here is the log

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.msn.com" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\\"CustomizeSearch"|"http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{04666517-d7b9-43c9-b329-cd7a30ff0079} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04666517-d7b9-43c9-b329-cd7a30ff0079}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{04666517-d7b9-43c9-b329-cd7a30ff0079}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04666517-d7b9-43c9-b329-cd7a30ff0079}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\pat\Desktop\cmd.bat deleted successfully.
C:\Users\pat\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pat
->Temp folder emptied: 406342 bytes
->Temporary Internet Files folder emptied: 18614473 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.17.2 log created on 04162011_215659

Files moved on Reboot...
C:\Users\pat\AppData\Local\Temp\~DFC231.tmp moved successfully.
C:\Users\pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXQ88V65\list-item-plus[1].png moved successfully.
C:\Users\pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8I33NUZE\background_button_green_full[1].png moved successfully.
File C:\Windows\temp\ZLT0531d.TMP not found!

Registry entries deleted on Reboot...
leo-the-lion
Active Member
 
Posts: 13
Joined: April 11th, 2011, 8:57 pm