Hi Tom,
I want to thank you for your kindness and for helping me. If I have done anything wrong or in the wrong order, please be patient and forgive me; I will try to do my best.
I'm sure something is going on as there were many people complaining about mail I had sent them from an email screen name I haven't used in over a year!
I hope I did this right; at the end of this I am enclosing the copy of another window I saw open that I did (disregard it if it's not important!) =) Aleta
OTL logfile created on: 2/10/2010 9:18:26 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Larry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 344.76 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.06 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LARRY-PC
Current User Name: Larry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
PRC - [2010/02/09 01:58:21 | 000,293,376 | R--- | M] () -- C:\Users\Larry\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
PRC - [2009/12/31 08:27:27 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2009/11/29 01:38:28 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/02 23:00:34 | 000,279,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2009/09/10 07:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/27 16:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/03/23 14:07:24 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 11:29:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/02 08:50:28 | 000,655,640 | ---- | M] (Uniblue) -- C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
PRC - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/06/20 06:04:54 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe
PRC - [2007/06/20 06:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkDStore.exe
PRC - [2007/06/20 06:04:52 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\wkgdcach.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 20:51:08 | 000,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/02/02 07:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
========== Modules (SafeList) ==========
MOD - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2008/01/20 18:52:05 | 000,521,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 07:04:59 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/11 19:49:12 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/06 16:49:34 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/14 17:31:38 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/12/04 16:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/02/28 01:00:14 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Firefox\Profiles\e5uatadm.default\extensions
[2009/03/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2009/01/16 21:19:45 | 000,291,249 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10030 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O24 - Desktop BackupWallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell - "" = AutoRun
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell\AutoRun\command - "" = J:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Ntmssvc - C:\Windows\SysNative\ntmssvc.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/02/10 09:17:37 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/09 01:26:57 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\DDS
[2010/02/08 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Usenet.nl
[2010/02/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/02/08 01:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2010/02/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\RECIPES FOR SPA PRODUCTS
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- C:\ee948db245f17756b8f32085b1e09a
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- \ee948db245f17756b8f32085b1e09a
[2010/02/06 08:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/06 08:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- C:\c69f613032c2596802d69d920092d2
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- \c69f613032c2596802d69d920092d2
[2010/02/06 05:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddThis Toolbar
[2010/02/04 22:22:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/04 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/04 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\SSI
[2010/01/31 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Resume
[2010/01/28 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\HJT logs
[2010/01/27 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
========== Files - Modified Within 14 Days ==========
[2010/02/10 09:19:27 | 006,291,456 | -HS- | M] () -- C:\Users\Larry\ntuser.dat
[2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/10 08:42:51 | 055,395,969 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
[2010/02/09 01:22:18 | 000,524,288 | ---- | M] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 21:47:07 | 000,022,704 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2010/02/08 21:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/08 01:18:19 | 000,001,730 | ---- | M] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 22:47:16 | 000,695,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/07 22:47:16 | 000,597,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/07 22:47:16 | 000,102,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/07 22:41:32 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/02/07 22:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/07 22:40:29 | 4157,792,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 22:37:16 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/07 22:37:16 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/07 22:37:13 | 001,821,017 | -H-- | M] () -- C:\Users\Larry\AppData\Local\IconCache.db
[2010/02/07 10:21:50 | 000,018,944 | ---- | M] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:16:40 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:48 | 000,001,930 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:23:25 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:23:25 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TM.blf
[2010/02/06 07:05:02 | 000,000,732 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2010/02/06 00:58:17 | 000,000,036 | ---- | M] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 22:21:52 | 000,026,112 | ---- | M] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2010/02/04 11:33:53 | 000,969,216 | ---- | M] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:03:14 | 000,016,896 | ---- | M] () -- C:\Users\Larry\Documents\question on ssi.wps
========== Files Created - No Company Name ==========
[2010/02/09 01:22:03 | 000,524,288 | ---- | C] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 01:18:19 | 000,001,730 | ---- | C] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 10:21:50 | 000,018,944 | ---- | C] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:16:40 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:31 | 000,001,930 | ---- | C] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:31:35 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () --
[2010/02/06 06:17:04 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/02/06 06:17:03 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/02/06 06:17:02 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/02/06 06:17:02 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/02/06 06:17:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/02/06 06:17:01 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/02/06 06:17:01 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/06 06:17:01 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/02/06 06:17:00 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/02/06 06:17:00 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/02/06 06:17:00 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/02/06 06:17:00 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/02/06 06:17:00 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/02/06 06:17:00 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/02/06 06:17:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/02/06 06:16:59 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/02/06 06:16:59 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/02/06 06:16:59 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/02/06 06:16:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/02/06 06:16:59 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/02/06 06:16:47 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/02/06 06:16:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/02/06 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 18:06:55 | 000,000,125 | ---- | C] () -- \FINIS_IT.TXT
[2010/02/04 11:22:06 | 000,969,216 | ---- | C] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:02:03 | 000,016,896 | ---- | C] () -- C:\Users\Larry\Documents\question on ssi.wps
[2010/01/31 19:19:51 | 000,026,112 | ---- | C] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2009/08/14 22:55:44 | 000,020,795 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\UserTile.png
[2009/04/04 23:53:38 | 000,000,732 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2009/04/03 16:11:27 | 000,000,680 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
[2009/01/23 01:03:56 | 000,000,606 | ---- | C] () -- \updatedatfix.log
[2008/12/31 15:04:25 | 000,003,584 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 15:16:32 | 000,022,704 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2008/10/30 16:21:36 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
[2008/05/06 17:09:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/05/06 17:09:46 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/05/06 16:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/06 16:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/05/06 16:11:49 | 176,435,199 | -HS- | C] () --
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
========== LOP Check ==========
[2009/11/29 01:47:30 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVG9
[2010/02/04 19:16:27 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/18 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\G-Lock Software
[2010/01/17 21:29:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2009/08/14 22:55:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
[2009/06/19 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/10 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2010/01/17 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Uniblue
[2010/02/10 08:49:56 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/01/26 22:23:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2010/02/07 22:37:25 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
========== Purity Check ==========
========== Custom Scans ==========
< 4.Under the Custom Scan box paste this in >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 843 bytes -> C:\Users\Larry\Documents\We Need Review Writers a-s-a-p (Palm Springs).eml:OECustomProperty
@Alternate Data Stream - 708 bytes -> C:\Users\Larry\Documents\Can you help me__.eml:OECustomProperty
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
____________________
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2008 6:47:54 AM
System Uptime: 2/8/2010 8:35:37 AM (17 hours ago)
Motherboard: FOXCONN | | Napa
Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | Socket 775 | 1600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 455 GiB total, 345.554 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.045 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP595: 1/20/2010 7:00:02 PM - Windows Backup
RP596: 1/22/2010 5:36:43 PM - Windows Backup
RP597: 1/22/2010 7:00:01 PM - Windows Backup
RP598: 1/23/2010 7:00:01 PM - Windows Backup
RP599: 1/24/2010 7:00:01 PM - Windows Backup
RP600: 1/25/2010 6:19:50 PM - Windows Backup
RP601: 1/25/2010 7:00:00 PM - Windows Backup
RP602: 1/26/2010 8:09:43 AM - Scheduled Checkpoint
RP603: 1/26/2010 9:24:20 AM - Avg8 Update
RP604: 1/26/2010 7:00:07 PM - Windows Backup
RP605: 1/26/2010 10:30:13 PM - Device Driver Package Install: NVIDIA Display adapters
RP606: 1/27/2010 7:00:01 PM - Windows Backup
RP607: 1/28/2010 12:21:23 AM - Installed Adobe Reader 9.3.
RP608: 1/28/2010 7:10:13 PM - Windows Backup
RP609: 1/31/2010 11:53:59 AM - Windows Backup
RP610: 1/31/2010 7:00:01 PM - Windows Backup
RP611: 2/1/2010 7:02:12 AM - Scheduled Checkpoint
RP612: 2/1/2010 7:02:36 PM - Windows Backup
RP613: 2/2/2010 7:02:31 PM - Windows Backup
RP614: 2/2/2010 7:57:45 PM - Windows Update
RP615: 2/3/2010 7:02:37 PM - Windows Backup
RP616: 2/4/2010 7:00:10 PM - Windows Backup
RP617: 2/4/2010 7:00:45 PM - Windows Update
RP618: 2/6/2010 6:17:11 AM - Windows Update
RP619: 2/6/2010 7:53:50 AM - Avg8 Update
RP620: 2/6/2010 7:57:50 AM - Windows Backup
RP621: 2/6/2010 8:15:37 AM - Installed SUPERAntiSpyware Free Edition
RP622: 2/6/2010 8:26:31 AM - Windows Update
RP623: 2/6/2010 2:58:23 PM - Windows Update
RP624: 2/6/2010 4:10:17 PM - Removed Adobe Reader 9.2.
RP625: 2/6/2010 4:21:32 PM - Removed Adobe Reader 9.2.
RP626: 2/6/2010 4:29:34 PM - Windows Backup
RP627: 2/6/2010 7:00:01 PM - Windows Backup
RP628: 2/6/2010 7:08:00 PM - Removed Adobe Reader 9.2.
RP629: 2/8/2010 6:04:19 AM - Scheduled Checkpoint
==== Installed Programs ======================
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnyDVD
AOL Toolbar
AVG Free 9.0
BufferChm
C6100
c6100_Help
CCleaner
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
Defraggler (remove only)
Destinations
DeviceManagementQFolder
DivX 4.12 Codec
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fast Blog Finder 3
Fax
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential
HP Picasso Media Center Add-In
HP Print Diagnostic Utility
HP Product Assistant
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
HPTCSSetup
Java SE Runtime Environment 6 Update 1
KeyScrambler
LabelPrint
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Power2Go
Python 2.5
Realtek High Definition Audio Driver
Scan
Security Task Manager 1.7h
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
TurboTax Deluxe 2007
Uniblue ProcessQuickLink 2
Uniblue ProcessScanner
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Usenet.nl
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Installer Clean Up
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
WinSnap
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
2/6/2010 8:18:02 AM, Error: Service Control Manager [7000] - The SASENUM service failed to
start due to the following error: This driver has been blocked from loading
2/6/2010 8:18:02 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)
\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this
system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASKUTIL service failed to
start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to
start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)
\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this
system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)
\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this
system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 7:41:12 AM, Error: Service Control Manager [7034] - The XAudioService service
terminated unexpectedly. It has done this 1 time(s).
2/6/2010 7:36:38 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed
Transaction Coordinator service hung on starting.
2/6/2010 7:31:41 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to
share printer hp officejet 6100 series with shared resource name hp officejet 6100 series. Error
2114. The printer cannot be used by others on the network.
2/6/2010 7:12:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/6/2010 7:09:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68
-F52A-11D8-B9A5-505054503030}
2/6/2010 7:04:28 AM, Error: Service Control Manager [7026] - The following boot-start or
system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC ElbyCDIO kl1 NetBIOS
netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on
the Network Store Interface Service service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector
Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start
because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebClient service depends on
the WebDav Client Redirector Driver service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service
depends on the Ancilliary Function Driver for Winsock service which failed to start because of
the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and
Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start
because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service
depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of
the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service
depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of
the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Store Interface
Service service depends on the NSI proxy service service which failed to start because of the
following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness
service depends on the Network Store Interface Service service which failed to start because of
the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network List Service service
depends on the Network Location Awareness service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on
the Network Store Interface Service service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on
the NetIO Legacy TDI Support Driver service which failed to start because of the following
error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on
the Ancilliary Function Driver for Winsock service which failed to start because of the
following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Computer Browser service
depends on the Server service which failed to start because of the following error: The
dependency service or group failed to start.
2/6/2010 7:04:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F
-AC08-4F1F-BEB7-5C22C517CE39}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"
attempting to start the service netprofm with arguments "" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"
attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-
2166-11D1-B1D0-00805FC1270E}
2/6/2010 7:03:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"
attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335
-FE2A-4927-A040-7C35AD3180EF}
2/6/2010 7:03:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
2/6/2010 7:03:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
2/6/2010 7:03:37 AM, Error: EventLog [6008] - The previous system shutdown at 6:58:07 AM on
2/6/2010 was unexpected.
2/6/2010 5:43:26 PM, Error: Service Control Manager [7031] - The Windows Installer service
terminated unexpectedly. It has done this 1 time(s). The following corrective action will be
taken in 120000 milliseconds: Restart the service.
2/6/2010 2:54:40 PM, Error: Service Control Manager [7026] - The following boot-start or
system-start driver(s) failed to load: SASDIFSV SASKUTIL
2/5/2010 4:16:08 PM, Error: Service Control Manager [7026] - The following boot-start or
system-start driver(s) failed to load: SASKUTIL
2/5/2010 4:16:06 PM, Error: Service Control Manager [7001] - The Windows Audio service depends
on the Windows Audio Endpoint Builder service which failed to start because of the following
error: The service cannot be started, either because it is disabled or because it has no
enabled devices associated with it
==== End Of File ===========================
see below
There was a window I had open about being asked to run a GMER or something like that and telling me I had to disable something (didn't know if you needed that information or not so I included it below, anyway!)
We need to see some information about what is happening in your machine. Please perform the following scan:
•Download DDS by sUBs from one of the following links. Save it to your desktop.
◦DDS.scr
◦DDS.pif
•Double click on the DDS icon, allow it to run.
•A small box will open, with an explanation about the tool. No input is needed, the scan is running.
•Notepad will open with the results.
•Follow the instructions that pop up for posting the results.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice;
OK Let me know if I need to download the DDS or GMER, etc. for you; I will be awaiting your kind response and I want to say thank you again for helping me.
Aleta
Hi Tom,
I want to thank you for your kindness and for helping me. If I have done anything wrong or in the wrong order, please be patient and forgive me; I will try to do my best.
I'm sure something is going on asthere were many people complainting about mail I had sent them from an email screen name i havn't used in oveer a year!
I hope I did this right; at the end of this I am enclosing the copy of another windows I saw open that I did (disregard it if it's not important!) =) Aleta
OTL logfile created on: 2/10/2010 9:18:26 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Larry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 344.76 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.06 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LARRY-PC
Current User Name: Larry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
PRC - [2010/02/09 01:58:21 | 000,293,376 | R--- | M] () -- C:\Users\Larry\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
PRC - [2009/12/31 08:27:27 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2009/11/29 01:38:28 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/02 23:00:34 | 000,279,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2009/09/10 07:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/27 16:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/03/23 14:07:24 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 11:29:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/02 08:50:28 | 000,655,640 | ---- | M] (Uniblue) -- C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
PRC - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/06/20 06:04:54 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe
PRC - [2007/06/20 06:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkDStore.exe
PRC - [2007/06/20 06:04:52 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\wkgdcach.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 20:51:08 | 000,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/02/02 07:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
========== Modules (SafeList) ==========
MOD - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2008/01/20 18:52:05 | 000,521,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 07:04:59 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/11 19:49:12 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/06 16:49:34 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/14 17:31:38 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/12/04 16:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/02/28 01:00:14 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Firefox\Profiles\e5uatadm.default\extensions
[2009/03/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2009/01/16 21:19:45 | 000,291,249 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10030 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O24 - Desktop BackupWallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell - "" = AutoRun
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell\AutoRun\command - "" = J:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Ntmssvc - C:\Windows\SysNative\ntmssvc.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/02/10 09:17:37 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/09 01:26:57 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\DDS
[2010/02/08 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Usenet.nl
[2010/02/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/02/08 01:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2010/02/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\RECIPES FOR SPA PRODUCTS
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- C:\ee948db245f17756b8f32085b1e09a
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- \ee948db245f17756b8f32085b1e09a
[2010/02/06 08:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/06 08:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- C:\c69f613032c2596802d69d920092d2
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- \c69f613032c2596802d69d920092d2
[2010/02/06 05:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddThis Toolbar
[2010/02/04 22:22:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/04 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/04 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\SSI
[2010/01/31 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Resume
[2010/01/28 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\HJT logs
[2010/01/27 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
========== Files - Modified Within 14 Days ==========
[2010/02/10 09:19:27 | 006,291,456 | -HS- | M] () -- C:\Users\Larry\ntuser.dat
[2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/10 08:42:51 | 055,395,969 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
[2010/02/09 01:22:18 | 000,524,288 | ---- | M] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 21:47:07 | 000,022,704 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2010/02/08 21:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/08 01:18:19 | 000,001,730 | ---- | M] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 22:47:16 | 000,695,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/07 22:47:16 | 000,597,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/07 22:47:16 | 000,102,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/07 22:41:32 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/02/07 22:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/07 22:40:29 | 4157,792,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 22:37:16 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/07 22:37:16 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/07 22:37:13 | 001,821,017 | -H-- | M] () -- C:\Users\Larry\AppData\Local\IconCache.db
[2010/02/07 10:21:50 | 000,018,944 | ---- | M] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:16:40 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:48 | 000,001,930 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:23:25 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:23:25 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TM.blf
[2010/02/06 07:05:02 | 000,000,732 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2010/02/06 00:58:17 | 000,000,036 | ---- | M] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 22:21:52 | 000,026,112 | ---- | M] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2010/02/04 11:33:53 | 000,969,216 | ---- | M] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:03:14 | 000,016,896 | ---- | M] () -- C:\Users\Larry\Documents\question on ssi.wps
========== Files Created - No Company Name ==========
[2010/02/09 01:22:03 | 000,524,288 | ---- | C] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 01:18:19 | 000,001,730 | ---- | C] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 10:21:50 | 000,018,944 | ---- | C] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:16:40 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:31 | 000,001,930 | ---- | C] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:31:35 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () --
[2010/02/06 06:17:04 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/02/06 06:17:03 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/02/06 06:17:02 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/02/06 06:17:02 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/02/06 06:17:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/02/06 06:17:01 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/02/06 06:17:01 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/06 06:17:01 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/02/06 06:17:00 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/02/06 06:17:00 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/02/06 06:17:00 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/02/06 06:17:00 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/02/06 06:17:00 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/02/06 06:17:00 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/02/06 06:17:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/02/06 06:16:59 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/02/06 06:16:59 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/02/06 06:16:59 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/02/06 06:16:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/02/06 06:16:59 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/02/06 06:16:47 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/02/06 06:16:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/02/06 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 18:06:55 | 000,000,125 | ---- | C] () -- \FINIS_IT.TXT
[2010/02/04 11:22:06 | 000,969,216 | ---- | C] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:02:03 | 000,016,896 | ---- | C] () -- C:\Users\Larry\Documents\question on ssi.wps
[2010/01/31 19:19:51 | 000,026,112 | ---- | C] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2009/08/14 22:55:44 | 000,020,795 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\UserTile.png
[2009/04/04 23:53:38 | 000,000,732 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2009/04/03 16:11:27 | 000,000,680 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
[2009/01/23 01:03:56 | 000,000,606 | ---- | C] () -- \updatedatfix.log
[2008/12/31 15:04:25 | 000,003,584 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 15:16:32 | 000,022,704 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2008/10/30 16:21:36 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
[2008/05/06 17:09:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/05/06 17:09:46 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/05/06 16:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/06 16:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/05/06 16:11:49 | 176,435,199 | -HS- | C] () --
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
========== LOP Check ==========
[2009/11/29 01:47:30 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVG9
[2010/02/04 19:16:27 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/18 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\G-Lock Software
[2010/01/17 21:29:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2009/08/14 22:55:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
[2009/06/19 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/10 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2010/01/17 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Uniblue
[2010/02/10 08:49:56 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/01/26 22:23:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2010/02/07 22:37:25 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
========== Purity Check ==========
========== Custom Scans ==========
< 4.Under the Custom Scan box paste this in >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
< %systemroot%\*. /mp /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 843 bytes -> C:\Users\Larry\Documents\We Need Review Writers a-s-a-p (Palm Springs).eml:OECustomProperty
@Alternate Data Stream - 708 bytes -> C:\Users\Larry\Documents\Can you help me__.eml:OECustomProperty
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
____________________
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2008 6:47:54 AM
System Uptime: 2/8/2010 8:35:37 AM (17 hours ago)
Motherboard: FOXCONN | | Napa
Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | Socket 775 | 1600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 455 GiB total, 345.554 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.045 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP595: 1/20/2010 7:00:02 PM - Windows Backup
RP596: 1/22/2010 5:36:43 PM - Windows Backup
RP597: 1/22/2010 7:00:01 PM - Windows Backup
RP598: 1/23/2010 7:00:01 PM - Windows Backup
RP599: 1/24/2010 7:00:01 PM - Windows Backup
RP600: 1/25/2010 6:19:50 PM - Windows Backup
RP601: 1/25/2010 7:00:00 PM - Windows Backup
RP602: 1/26/2010 8:09:43 AM - Scheduled Checkpoint
RP603: 1/26/2010 9:24:20 AM - Avg8 Update
RP604: 1/26/2010 7:00:07 PM - Windows Backup
RP605: 1/26/2010 10:30:13 PM - Device Driver Package Install: NVIDIA Display adapters
RP606: 1/27/2010 7:00:01 PM - Windows Backup
RP607: 1/28/2010 12:21:23 AM - Installed Adobe Reader 9.3.
RP608: 1/28/2010 7:10:13 PM - Windows Backup
RP609: 1/31/2010 11:53:59 AM - Windows Backup
RP610: 1/31/2010 7:00:01 PM - Windows Backup
RP611: 2/1/2010 7:02:12 AM - Scheduled Checkpoint
RP612: 2/1/2010 7:02:36 PM - Windows Backup
RP613: 2/2/2010 7:02:31 PM - Windows Backup
RP614: 2/2/2010 7:57:45 PM - Windows Update
RP615: 2/3/2010 7:02:37 PM - Windows Backup
RP616: 2/4/2010 7:00:10 PM - Windows Backup
RP617: 2/4/2010 7:00:45 PM - Windows Update
RP618: 2/6/2010 6:17:11 AM - Windows Update
RP619: 2/6/2010 7:53:50 AM - Avg8 Update
RP620: 2/6/2010 7:57:50 AM - Windows Backup
RP621: 2/6/2010 8:15:37 AM - Installed SUPERAntiSpyware Free Edition
RP622: 2/6/2010 8:26:31 AM - Windows Update
RP623: 2/6/2010 2:58:23 PM - Windows Update
RP624: 2/6/2010 4:10:17 PM - Removed Adobe Reader 9.2.
RP625: 2/6/2010 4:21:32 PM - Removed Adobe Reader 9.2.
RP626: 2/6/2010 4:29:34 PM - Windows Backup
RP627: 2/6/2010 7:00:01 PM - Windows Backup
RP628: 2/6/2010 7:08:00 PM - Removed Adobe Reader 9.2.
RP629: 2/8/2010 6:04:19 AM - Scheduled Checkpoint
==== Installed Programs ======================
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnyDVD
AOL Toolbar
AVG Free 9.0
BufferChm
C6100
c6100_Help
CCleaner
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
Defraggler (remove only)
Destinations
DeviceManagementQFolder
DivX 4.12 Codec
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fast Blog Finder 3
Fax
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential
HP Picasso Media Center Add-In
HP Print Diagnostic Utility
HP Product Assistant
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
HPTCSSetup
Java SE Runtime Environment 6 Update 1
KeyScrambler
LabelPrint
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Power2Go
Python 2.5
Realtek High Definition Audio Driver
Scan
Security Task Manager 1.7h
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
TurboTax Deluxe 2007
Uniblue ProcessQuickLink 2
Uniblue ProcessScanner
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Usenet.nl
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Installer Clean Up
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
WinSnap
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
2/6/2010 8:18:02 AM, Error: Service Control Manager [7000] - The SASENUM service failed to
start due to the following error: This driver has been blocked from loading
2/6/2010 8:18:02 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)
\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this
system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASKUTIL service failed to
start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to
start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)
\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this
system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)
\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this
system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 7:41:12 AM, Error: Service Control Manager [7034] - The XAudioService service
terminated unexpectedly. It has done this 1 time(s).
2/6/2010 7:36:38 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed
Transaction Coordinator service hung on starting.
2/6/2010 7:31:41 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to
share printer hp officejet 6100 series with shared resource name hp officejet 6100 series. Error
2114. The printer cannot be used by others on the network.
2/6/2010 7:12:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/6/2010 7:09:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68
-F52A-11D8-B9A5-505054503030}
2/6/2010 7:04:28 AM, Error: Service Control Manager [7026] - The following boot-start or
system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC ElbyCDIO kl1 NetBIOS
netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on
the Network Store Interface Service service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector
Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start
because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebClient service depends on
the WebDav Client Redirector Driver service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service
depends on the Ancilliary Function Driver for Winsock service which failed to start because of
the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and
Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start
because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service
depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of
the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service
depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of
the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Store Interface
Service service depends on the NSI proxy service service which failed to start because of the
following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness
service depends on the Network Store Interface Service service which failed to start because of
the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network List Service service
depends on the Network Location Awareness service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on
the Network Store Interface Service service which failed to start because of the following
error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on
the NetIO Legacy TDI Support Driver service which failed to start because of the following
error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on
the Ancilliary Function Driver for Winsock service which failed to start because of the
following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Computer Browser service
depends on the Server service which failed to start because of the following error: The
dependency service or group failed to start.
2/6/2010 7:04:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F
-AC08-4F1F-BEB7-5C22C517CE39}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"
attempting to start the service netprofm with arguments "" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"
attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-
2166-11D1-B1D0-00805FC1270E}
2/6/2010 7:03:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"
attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335
-FE2A-4927-A040-7C35AD3180EF}
2/6/2010 7:03:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
2/6/2010 7:03:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"
attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
2/6/2010 7:03:37 AM, Error: EventLog [6008] - The previous system shutdown at 6:58:07 AM on
2/6/2010 was unexpected.
2/6/2010 5:43:26 PM, Error: Service Control Manager [7031] - The Windows Installer service
terminated unexpectedly. It has done this 1 time(s). The following corrective action will be
taken in 120000 milliseconds: Restart the service.
2/6/2010 2:54:40 PM, Error: Service Control Manager [7026] - The following boot-start or
system-start driver(s) failed to load: SASDIFSV SASKUTIL
2/5/2010 4:16:08 PM, Error: Service Control Manager [7026] - The following boot-start or
system-start driver(s) failed to load: SASKUTIL
2/5/2010 4:16:06 PM, Error: Service Control Manager [7001] - The Windows Audio service depends
on the Windows Audio Endpoint Builder service which failed to start because of the following
error: The service cannot be started, either because it is disabled or because it has no
enabled devices associated with it
==== End Of File ===========================
see below
There was a window I had open about being asked to run a GMER or something like that and telling me I had to disable something (didn't know if you needed that information or not, so I included it below, anyway!)
We need to see some information about what is happening in your machine. Please perform the following scan:
•Download DDS by sUBs from one of the following links. Save it to your desktop.
◦DDS.scr
◦DDS.pif
•Double click on the DDS icon, allow it to run.
•A small box will open, with an explanation about the tool. No input is needed, the scan is running.
•Notepad will open with the results.
•Follow the instructions that pop up for posting the results.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice;
OK, let me know if I need to download the DDS or GMER, etc. for you; I will be awaiting your kind response and I want to say thank you again for helping me.
Aleta