
Windows 7 crashes


  • This topic is locked
42 replies to this topic

#1 C Jones

  • Members
  • 27 posts

Posted 04 September 2010 - 06:22 PM

Hi, new here, so thank you for your patience.

I ran on Vista until recently; the PC became very unstable, crashing on a regular basis, so I decided it was time to upgrade to Windows 7.

PC doesn't crash as often now, only crashed about 6 times in a couple of weeks.

However, I would like to get to the bottom of why it keeps crashing!

I also have a Windows Activation error now, code 0x8007000D.

I ran an MGA diagnostic tool with the following result, but I have no idea what it means!

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-28T3J-7T9M4-J9Q6Q
Windows Product Key Hash: z0o9vXCy1LxRzpVnjkIovHKSYRc=
Windows Product ID: 00359-029-6837477-85284
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {5A82517D-D09D-48FE-8523-A51B3E685214}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5A82517D-D09D-48FE-8523-A51B3E685214}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-J9Q6Q</PKey><PID>00359-029-6837477-85284</PID><PIDType>5</PIDType><SID>S-1-5-21-2887417418-4141008756-3368296357</SID><SYSTEM><Manufacturer>MEDIONPC</Manufacturer><Model>MS-7358</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20070806000000.000000+000</Date></BIOS><HWID>592F0400010000FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>MEDION</OEMID><OEMTableID>MEDIONAG</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>563CD099A02E716</Val><Hash>TTN9ZmCI0YM0pFxArX979iLodAg=</Hash><Pid>81602-907-3458357-68865</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
C:\Windows\system32\slmgr.vbs(1333, 5) (null): The data is invalid.

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 8:26:2010 10:36
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
N/A, hr = 0x8007000d

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC MEDION MEDIONAG
FACP MEDION MEDIONAG
HPET MEDION MEDIONAG
MCFG MEDION MEDIONAG
SLIC MEDION MEDIONAG
SSDT PmRef CpuPm


I also had an issue upgrading HiJackThis to the latest version; each time I ran it an error appeared. I therefore ran it in compatible mode, which the system changed to Windows XP!

Here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:24, on 04/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\msdt.exe
C:\Windows\System32\sdiagnhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.tescophoto.com/wpp/tescophotodi...geUploader5.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EC7CCE4-9BCA-475C-80E0-4C1CFF7204A7}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EC7CCE4-9BCA-475C-80E0-4C1CFF7204A7}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3EC7CCE4-9BCA-475C-80E0-4C1CFF7204A7}: NameServer = 192.168.0.1
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

--
End of file - 9291 bytes



Here's details of my system;

Operating System
MS Windows 7 Home Premium 32-bit
Installation Date: 25 August 2010, 06:59
Serial Number: T4VMV-3KQQD-28T3J-7T9M4-J9Q6Q

CPU
Intel Core 2 Quad Q6600 @ 2.40GHz 39 °C
Kentsfield 65nm Technology
RAM
2.0GB Dual-Channel DDR2 @ 332MHz (5-5-5-15)
Motherboard
Manufacturer MICRO-STAR INTERNATIONAL CO., LTD
Model MS-7358
Version OEM
Chipset Vendor Intel
Chipset Model P35/G33/G31
Chipset Revision A2
Southbridge Vendor Intel
Southbridge Model 82801IR (ICH9R)
Southbridge Revision 02
BIOS
Brand Phoenix Technologies, LTD
Version 6.00 PG
Date 08/06/2007
Graphics
Monitor
Name Generic PnP Monitor on NVIDIA GeForce 8600 GT
Current Resolution 1680x1050 pixels
Work Resolution 1680x1050 pixels
State enabled, primary
Monitor Width 1680
Monitor Height 1050
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Hard Drives
RAID_Volume0
Manufacturer Unknown manufacturer
Interface SCSI
Capacity 977GB
Real size 1,000,210,432,000 bytes
S.M.A.R.T
A device attached to the system is not functioning.
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter E:
File System FAT32
Volume Serial Number E663BFE1
Size 15.6GB
Used Space 4.57GB (30%)
Free Space 11.0GB (70%)
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number F0245E9F
Size 916GB
Used Space 290GB (32%)
Free Space 626GB (68%)
Optical Drives
Unknown system error: 0x80041001
Audio
No audio card detected
Playback Devices
Realtek HDMI Output (Realtek High Definition Audio)
Speakers (Realtek High Definition Audio) (default)
Recording Devices
Aux (Realtek High Definition Audio) (default)
Stereo Mix (Realtek High Definition Audio)


I hope someone can help me sort out my issue.

I run AVG9, Spybot 1.6, CCleaner 2.35, SpywareBlaster.

Please let me know if you need any further information.

Thank you.

Hello all

I now have a system message saying that Windows has detected file corruption in the C drive and that I need to run chkdsk; however, it won't let me run chkdsk due to a recent software install (doesn't tell me which one!).

So I am stuck.

I am currently running Windows Backup utility.

Once this has completed, can someone guide me as to the best course of action?

I probably need to reformat the hard disk to fix the errors, but because I have recently upgraded to Windows 7 from Vista, what do I do then?

I have the original Vista recovery disk from the PC manufacturer (Medion), so do I turn on the PC using that disk once I have reformatted the hard disk?

Or do I create a system boot disk with Windows 7? Or will the Windows 7 upgrade allow me to upgrade without Windows Vista being on there?

Sorry, I'm very confused!

I do hope someone can help and let me know step by step what I need to do?

Thank you.

Regards.

EDIT: Posts merged ~BP

Edited by Budapest, 09 September 2010 - 04:44 PM.
Moved from Win 7 forum to Malware Removal Logs ~ Hamluis.




#2 Elise

  • Malware Study Hall Admin
  • 61,252 posts

Posted 13 September 2010 - 04:14 AM

Hello,
and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 C Jones


Posted 13 September 2010 - 03:22 PM

OTL.txt

OTL logfile created on: 13/09/2010 21:14:35 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Cenwyn\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 915.92 Gb Total Space | 626.17 Gb Free Space | 68.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.57 Gb Total Space | 11.01 Gb Free Space | 70.67% Space Free | Partition Type: FAT32
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1862.36 Gb Total Space | 1142.74 Gb Free Space | 61.36% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 519.72 Gb Free Space | 55.79% Space Free | Partition Type: NTFS

Computer Name: PERSONAL-PC
Current User Name: Cenwyn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 21:13:11 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Cenwyn\Desktop\OTL.exe
PRC - [2010/08/31 07:04:41 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/23 00:27:17 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/23 00:27:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/23 00:27:13 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/23 00:27:11 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/23 00:26:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/23 00:26:09 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/23 00:26:08 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/11 10:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/17 13:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 21:13:11 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Cenwyn\Desktop\OTL.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/25 07:57:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/19 20:02:41 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/23 00:27:11 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/23 00:26:09 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/04/08 11:38:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/04/06 14:10:56 | 000,223,704 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/04/06 14:10:22 | 000,272,856 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/04/06 14:10:08 | 000,449,496 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/04/06 14:08:58 | 000,158,168 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/04/06 14:08:24 | 000,039,896 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/04/06 14:08:14 | 000,059,352 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/04/06 14:07:46 | 000,313,816 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/04/06 14:06:48 | 000,256,472 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/02/12 10:46:34 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/12 19:43:02 | 000,114,778 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2007/01/12 19:43:00 | 000,290,908 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2001/11/12 13:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2010/07/23 00:27:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/23 00:26:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/04 19:04:49 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/04 11:55:48 | 000,224,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:14 | 000,075,944 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/06/01 19:00:14 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/15 01:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2008/09/08 16:26:22 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2007/08/22 18:44:18 | 001,950,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/04/06 14:10:40 | 000,014,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007/02/18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007/01/08 18:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2887417418-4141008756-3368296357-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
IE - HKU\S-1-5-21-2887417418-4141008756-3368296357-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2887417418-4141008756-3368296357-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2887417418-4141008756-3368296357-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2887417418-4141008756-3368296357-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/08/25 01:12:32 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Mozilla\Extensions
[2008/04/24 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2010/06/06 00:24:06 | 000,405,162 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14012 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2887417418-4141008756-3368296357-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-2887417418-4141008756-3368296357-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.tescophoto.com/wpp/tescophotodi...geUploader5.cab (Image Uploader Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: D:\My Documents\My Pictures\2007_0930\DSC06517.JPG
O24 - Desktop BackupWallPaper: D:\My Documents\My Pictures\2007_0930\DSC06517.JPG
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/28 21:00:27 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/09/17 01:12:32 | 000,000,000 | ---D | M] - K:\autorun -- [ NTFS ]
O33 - MountPoints2\{2c5236f3-b069-11df-922f-001d92447ea8}\Shell - "" = AutoRun
O33 - MountPoints2\{2c5236f3-b069-11df-922f-001d92447ea8}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2010/01/22 01:13:40 | 003,330,848 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 21:13:11 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Cenwyn\Desktop\OTL.exe
[2010/09/09 03:02:55 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Roaming\GlarySoft
[2010/09/09 02:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/09/09 02:32:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/09/08 22:38:45 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Roaming\FileZilla
[2010/09/08 22:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/09/05 01:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/04 12:19:09 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/09/04 11:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/04 08:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/02 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Roaming\Registry Mechanic
[2010/08/29 01:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/08/29 00:51:56 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Local\ElevatedDiagnostics
[2010/08/26 19:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/08/26 19:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/08/25 23:00:38 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Local\Diagnostics
[2010/08/25 22:36:30 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/08/25 18:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/25 17:53:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/25 09:42:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/08/25 09:35:29 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010/08/25 09:27:56 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010/08/25 08:07:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/08/25 07:00:50 | 000,000,000 | -H-D | C] -- C:\Users\Cenwyn\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/08/25 06:59:38 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/08/25 00:49:20 | 000,000,000 | --SD | C] -- C:\Users\Cenwyn\AppData\Roaming\Microsoft
[2010/08/25 00:49:20 | 000,000,000 | R--D | C] -- C:\Users\Cenwyn\Videos
[2010/08/25 00:49:20 | 000,000,000 | R--D | C] -- C:\Users\Cenwyn\Saved Games
[2010/08/25 00:49:20 | 000,000,000 | R--D | C] -- C:\Users\Cenwyn\Pictures
[2010/08/25 00:49:20 | 000,000,000 | R--D | C] -- C:\Users\Cenwyn\Links
[2010/08/25 00:49:20 | 000,000,000 | R--D | C] -- C:\Users\Cenwyn\Favorites
[2010/08/25 00:49:20 | 000,000,000 | R--D | C] -- C:\Users\Cenwyn\My Documents
[2010/08/25 00:49:20 | 000,000,000 | R--D | C] -- C:\Users\Cenwyn\Desktop
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\AppData\Local\Temporary Internet Files
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Templates
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Start Menu
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\SendTo
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Recent
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\PrintHood
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\NetHood
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Documents\My Videos
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Documents\My Pictures
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Documents\My Music
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\My Documents
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Local Settings
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\AppData\Local\History
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Cookies
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\Application Data
[2010/08/25 00:49:20 | 000,000,000 | -HSD | C] -- C:\Users\Cenwyn\AppData\Local\Application Data
[2010/08/25 00:49:20 | 000,000,000 | -H-D | C] -- C:\Users\Cenwyn\AppData
[2010/08/25 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Local\Temp
[2010/08/25 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Local\Microsoft
[2010/08/25 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Roaming\Media Center Programs
[2010/08/25 00:47:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/08/25 00:46:46 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/08/24 22:24:12 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Local\Microsoft Corporation
[2010/08/24 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/08/19 08:08:09 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\Documents\WORDsearch Backups
[2010/08/19 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Local\WSStepImport
[2010/08/19 08:00:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{FC11E22B-D5AA-4712-A448-BA89818FEE4E}
[2010/08/19 07:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\wsc
[2010/08/19 07:52:30 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\Documents\WORDsearch
[2010/08/19 07:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WORDsearch
[2010/08/19 07:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WORDsearch
[2010/08/19 07:52:30 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Local\Bible Explorer 4
[2010/08/19 07:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bible Explorer 4
[2010/08/19 02:45:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/19 02:45:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/19 02:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/19 02:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/18 20:02:18 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\Old Desktop
[2010/08/17 00:32:42 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Roaming\Canneverbe Limited
[2010/08/17 00:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/08/17 00:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/07 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\.dvdcss
[2010/08/07 12:23:23 | 000,000,000 | ---D | C] -- C:\Next Video Converter
[2010/08/07 12:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Next Video Converter
[2010/08/07 12:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010/08/01 07:58:00 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AdobeLicensingFilesBackup
[2010/08/01 07:54:48 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\Documents\LicenseRecovery109[1]
[2010/07/31 20:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/07/31 18:38:26 | 000,000,000 | ---D | C] -- C:\Users\Cenwyn\AppData\Roaming\AVG9
[2010/07/23 00:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/07/23 00:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/23 00:27:13 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/15 23:17:47 | 000,000,000 | ---D | C] -- C:\8bcc3575487160762c1dad9c
[2010/06/20 13:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Cenwyn\Documents\*.tmp files -> C:\Users\Cenwyn\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/13 21:14:18 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/13 21:14:18 | 000,619,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/13 21:14:18 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/13 21:13:44 | 064,580,852 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/13 21:13:11 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Cenwyn\Desktop\OTL.exe
[2010/09/13 21:09:36 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/09/13 21:09:36 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/13 21:09:35 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 21:09:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/13 21:09:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 21:08:57 | 1609,150,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 16:58:24 | 000,010,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 16:58:24 | 000,010,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 16:58:22 | 008,912,896 | -HS- | M] () -- C:\Users\Cenwyn\NTUSER.DAT
[2010/09/13 16:58:19 | 003,811,515 | -H-- | M] () -- C:\Users\Cenwyn\AppData\Local\IconCache.db
[2010/09/13 16:56:21 | 000,040,393 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Rock of Ages by Colin Webster For Church Use.pdf
[2010/09/13 07:19:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/11 17:51:45 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/09/11 17:46:32 | 000,053,760 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Songsheet 100912.doc
[2010/09/09 03:14:25 | 000,001,316 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100909_031421.reg
[2010/09/09 03:04:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/09 03:04:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/09 02:52:17 | 000,000,966 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Glary Utilities.lnk
[2010/09/09 02:37:37 | 000,000,036 | ---- | M] () -- C:\Users\Cenwyn\AppData\Local\housecall.guid.cache
[2010/09/08 22:38:24 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/09/05 00:26:12 | 000,002,186 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100905_002609.reg
[2010/09/04 12:04:02 | 000,873,472 | ---- | M] () -- C:\Users\Cenwyn\Documents\Windows Activation An Error has occurred.ppt
[2010/09/04 11:59:39 | 000,002,969 | ---- | M] () -- C:\Users\Cenwyn\Desktop\HiJackThis.lnk
[2010/09/04 08:09:40 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/04 08:02:46 | 000,070,144 | ---- | M] () -- C:\Users\Cenwyn\Desktop\ServiceRota_Aug_Sept 2010 FINAL.doc
[2010/09/02 19:37:06 | 000,000,188 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100902_193702.reg
[2010/09/02 19:34:54 | 000,000,973 | ---- | M] () -- C:\Users\Cenwyn\Desktop\CCleaner.lnk
[2010/09/02 19:25:09 | 000,000,981 | ---- | M] () -- C:\Users\Cenwyn\Desktop\SpywareBlaster.lnk
[2010/08/29 01:40:47 | 000,000,838 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100829_014043.reg
[2010/08/29 01:02:45 | 000,001,114 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Auslogics Disk Defrag.lnk
[2010/08/28 00:41:29 | 000,001,871 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Defraggler.lnk
[2010/08/28 00:11:38 | 000,000,830 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100828_001134.reg
[2010/08/27 19:41:08 | 000,000,236 | ---- | M] () -- C:\Windows\win.ini
[2010/08/27 19:40:35 | 000,074,930 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Aidan.jpg
[2010/08/26 19:10:01 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/08/26 06:37:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/25 22:46:31 | 000,003,690 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100825_224628.reg
[2010/08/25 21:40:33 | 000,017,408 | ---- | M] () -- C:\Users\Cenwyn\Documents\Sal Both.xls
[2010/08/25 09:42:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/08/25 08:27:38 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2010/08/25 08:21:07 | 000,099,024 | ---- | M] () -- C:\Users\Cenwyn\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/25 08:20:31 | 000,018,604 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100825_082026.reg
[2010/08/25 08:11:00 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/08/25 08:10:02 | 000,475,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/25 07:00:52 | 000,001,415 | ---- | M] () -- C:\Users\Cenwyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/25 06:59:58 | 000,000,020 | -HS- | M] () -- C:\Users\Cenwyn\ntuser.ini
[2010/08/25 01:39:50 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/08/25 01:25:07 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2010/08/25 00:49:21 | 000,524,288 | -HS- | M] () -- C:\Users\Cenwyn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/25 00:49:21 | 000,524,288 | -HS- | M] () -- C:\Users\Cenwyn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/25 00:49:21 | 000,065,536 | -HS- | M] () -- C:\Users\Cenwyn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/25 00:47:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/25 00:22:23 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 00:22:23 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 23:01:56 | 000,003,020 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Windows Compatibility Report.htm
[2010/08/24 22:50:28 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/08/24 22:50:28 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/08/24 22:23:25 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/08/24 22:12:11 | 000,000,188 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100824_221207.reg
[2010/08/24 22:05:43 | 003,975,168 | ---- | M] () -- C:\Users\Cenwyn\Documents\Programs.ppt
[2010/08/21 22:10:43 | 000,821,504 | ---- | M] () -- C:\Users\Cenwyn\Desktop\tesco-application-form-2-updated.pdf
[2010/08/21 19:25:32 | 000,049,152 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Songsheet 100822.doc
[2010/08/19 23:18:29 | 000,001,234 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100819_231825.reg
[2010/08/19 20:01:40 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/08/19 08:00:36 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Bible Explorer 4.lnk
[2010/08/19 02:46:02 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/19 02:34:30 | 000,197,120 | ---- | M] () -- C:\Users\Cenwyn\Documents\Doc1.doc
[2010/08/19 02:07:01 | 000,000,972 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100819_020657.reg
[2010/08/17 00:32:28 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010/08/16 18:10:57 | 000,001,462 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100816_181053.reg
[2010/08/14 00:57:41 | 000,000,188 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100814_005737.reg
[2010/08/11 23:53:45 | 000,000,188 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100811_235340.reg
[2010/08/07 17:44:18 | 000,002,104 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100807_174415.reg
[2010/08/07 12:23:20 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Next Video Converter.lnk
[2010/08/07 12:14:34 | 000,001,662 | ---- | M] () -- C:\Users\Cenwyn\Desktop\MagicISO.lnk
[2010/08/07 10:26:37 | 000,848,685 | ---- | M] () -- C:\Users\Cenwyn\Desktop\Rejoice.wma
[2010/08/01 01:30:58 | 000,028,672 | ---- | M] () -- C:\Users\Cenwyn\Documents\Planet lists - total names.doc
[2010/08/01 01:30:07 | 000,032,768 | ---- | M] () -- C:\Users\Cenwyn\Documents\Reward Scheme for Starship Discovery Holiday Club.doc
[2010/07/31 18:35:12 | 000,000,950 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100731_183508.reg
[2010/07/23 01:24:59 | 000,367,616 | ---- | M] () -- C:\Users\Cenwyn\Documents\Ipod Touch problem.doc
[2010/07/23 00:45:57 | 000,209,889 | ---- | M] () -- C:\Users\Cenwyn\Documents\iTunes Diagnostics.spx
[2010/07/23 00:45:57 | 000,002,316 | ---- | M] () -- C:\Users\Cenwyn\Documents\iTunes Diagnostics.rtf
[2010/07/23 00:38:19 | 000,002,080 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100723_003815.reg
[2010/07/23 00:27:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/23 00:27:13 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/23 00:26:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/10 15:55:51 | 000,000,944 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100710_155546.reg
[2010/06/27 07:16:57 | 000,002,480 | ---- | M] () -- C:\Users\Cenwyn\Documents\cc_20100627_071650.reg
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Cenwyn\Documents\*.tmp files -> C:\Users\Cenwyn\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/13 16:56:21 | 000,040,393 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Rock of Ages by Colin Webster For Church Use.pdf
[2010/09/11 17:46:32 | 000,053,760 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Songsheet 100912.doc
[2010/09/09 03:14:23 | 000,001,316 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100909_031421.reg
[2010/09/09 03:04:41 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/09/09 03:04:41 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/09/09 02:52:22 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/09/09 02:52:17 | 000,000,966 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Glary Utilities.lnk
[2010/09/09 02:37:37 | 000,000,036 | ---- | C] () -- C:\Users\Cenwyn\AppData\Local\housecall.guid.cache
[2010/09/08 22:38:24 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/09/05 00:26:10 | 000,002,186 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100905_002609.reg
[2010/09/04 12:02:06 | 000,873,472 | ---- | C] () -- C:\Users\Cenwyn\Documents\Windows Activation An Error has occurred.ppt
[2010/09/04 11:59:39 | 000,002,969 | ---- | C] () -- C:\Users\Cenwyn\Desktop\HiJackThis.lnk
[2010/09/04 08:09:40 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/04 08:02:46 | 000,070,144 | ---- | C] () -- C:\Users\Cenwyn\Desktop\ServiceRota_Aug_Sept 2010 FINAL.doc
[2010/09/02 19:37:04 | 000,000,188 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100902_193702.reg
[2010/08/29 01:40:45 | 000,000,838 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100829_014043.reg
[2010/08/29 01:02:45 | 000,001,114 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Auslogics Disk Defrag.lnk
[2010/08/28 00:11:36 | 000,000,830 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100828_001134.reg
[2010/08/27 19:41:23 | 000,074,930 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Aidan.jpg
[2010/08/26 19:10:01 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/08/26 06:37:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/08/25 22:46:29 | 000,003,690 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100825_224628.reg
[2010/08/25 21:40:33 | 000,017,408 | ---- | C] () -- C:\Users\Cenwyn\Documents\Sal Both.xls
[2010/08/25 08:27:38 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2010/08/25 08:20:29 | 000,018,604 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100825_082026.reg
[2010/08/25 06:59:58 | 000,000,020 | -HS- | C] () -- C:\Users\Cenwyn\ntuser.ini
[2010/08/25 06:59:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 01:42:11 | 1609,150,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/25 01:25:07 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/08/25 00:49:20 | 008,912,896 | -HS- | C] () -- C:\Users\Cenwyn\NTUSER.DAT
[2010/08/25 00:49:20 | 000,524,288 | -HS- | C] () -- C:\Users\Cenwyn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/08/25 00:49:20 | 000,524,288 | -HS- | C] () -- C:\Users\Cenwyn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/25 00:49:20 | 000,262,144 | -HS- | C] () -- C:\Users\Cenwyn\ntuser.dat.LOG1
[2010/08/25 00:49:20 | 000,065,536 | -HS- | C] () -- C:\Users\Cenwyn\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/25 00:49:20 | 000,000,290 | ---- | C] () -- C:\Users\Cenwyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/25 00:49:20 | 000,000,272 | ---- | C] () -- C:\Users\Cenwyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/25 00:49:20 | 000,000,000 | -HS- | C] () -- C:\Users\Cenwyn\ntuser.dat.LOG2
[2010/08/25 00:48:49 | 000,010,304 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 00:48:49 | 000,010,304 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 00:47:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/08/24 22:32:50 | 000,003,020 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Windows Compatibility Report.htm
[2010/08/24 22:23:25 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/08/24 22:12:09 | 000,000,188 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100824_221207.reg
[2010/08/24 22:05:41 | 003,975,168 | ---- | C] () -- C:\Users\Cenwyn\Documents\Programs.ppt
[2010/08/24 21:58:26 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/08/24 21:58:26 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/08/21 22:10:43 | 000,821,504 | ---- | C] () -- C:\Users\Cenwyn\Desktop\tesco-application-form-2-updated.pdf
[2010/08/21 19:25:31 | 000,049,152 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Songsheet 100822.doc
[2010/08/19 23:18:27 | 000,001,234 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100819_231825.reg
[2010/08/19 20:01:40 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2010/08/19 08:00:36 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Bible Explorer 4.lnk
[2010/08/19 02:46:02 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/19 02:34:29 | 000,197,120 | ---- | C] () -- C:\Users\Cenwyn\Documents\Doc1.doc
[2010/08/19 02:07:00 | 000,000,972 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100819_020657.reg
[2010/08/17 00:32:28 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010/08/17 00:32:27 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/08/16 18:10:55 | 000,001,462 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100816_181053.reg
[2010/08/14 00:57:40 | 000,000,188 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100814_005737.reg
[2010/08/11 23:53:42 | 000,000,188 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100811_235340.reg
[2010/08/07 17:44:17 | 000,002,104 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100807_174415.reg
[2010/08/07 12:23:20 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Next Video Converter.lnk
[2010/08/07 12:14:34 | 000,001,662 | ---- | C] () -- C:\Users\Cenwyn\Desktop\MagicISO.lnk
[2010/08/07 10:26:35 | 000,848,685 | ---- | C] () -- C:\Users\Cenwyn\Desktop\Rejoice.wma
[2010/08/01 01:30:58 | 000,028,672 | ---- | C] () -- C:\Users\Cenwyn\Documents\Planet lists - total names.doc
[2010/08/01 01:30:06 | 000,032,768 | ---- | C] () -- C:\Users\Cenwyn\Documents\Reward Scheme for Starship Discovery Holiday Club.doc
[2010/07/31 18:42:22 | 000,002,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk
[2010/07/31 18:35:11 | 000,000,950 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100731_183508.reg
[2010/07/23 01:24:58 | 000,367,616 | ---- | C] () -- C:\Users\Cenwyn\Documents\Ipod Touch problem.doc
[2010/07/23 00:45:57 | 000,209,889 | ---- | C] () -- C:\Users\Cenwyn\Documents\iTunes Diagnostics.spx
[2010/07/23 00:45:57 | 000,002,316 | ---- | C] () -- C:\Users\Cenwyn\Documents\iTunes Diagnostics.rtf
[2010/07/23 00:38:17 | 000,002,080 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100723_003815.reg
[2010/07/10 15:55:49 | 000,000,944 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100710_155546.reg
[2010/06/27 07:16:54 | 000,002,480 | ---- | C] () -- C:\Users\Cenwyn\Documents\cc_20100627_071650.reg
[2010/03/24 18:20:38 | 000,023,888 | ---- | C] () -- C:\Users\Cenwyn\AppData\Roaming\UserTile.png
[2009/09/17 05:06:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/14 21:39:20 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/01/10 01:00:05 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2008/09/08 16:26:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\Spyder3.sys
[2008/03/31 22:24:55 | 000,086,016 | ---- | C] () -- C:\Windows\System32\DVResampleru.dll
[2008/03/29 13:37:33 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2008/03/29 12:44:00 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/03/29 12:44:00 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/03/29 12:44:00 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/03/29 12:44:00 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/03/29 12:44:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/03/29 12:44:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/03/29 12:37:51 | 000,000,120 | ---- | C] () -- C:\Users\Cenwyn\AppData\Roaming\FixVTS.ini
[2008/02/19 08:42:14 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2008/01/27 22:43:48 | 000,000,052 | ---- | C] () -- C:\Users\Cenwyn\AppData\Roaming\Default.PLS
[2008/01/15 03:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2008/01/11 23:07:10 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2008/01/11 22:07:48 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2008/01/11 22:07:48 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2008/01/11 22:07:48 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2008/01/11 22:07:48 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2008/01/11 22:07:48 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2007/09/13 11:07:10 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006/10/03 14:23:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/06/23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2010/08/25 01:12:03 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Anthropics
[2010/08/25 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Auslogics
[2010/08/25 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\AVG9
[2010/08/25 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/08/25 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\BonkEnc
[2010/08/25 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Canneverbe Limited
[2010/08/25 01:12:25 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\CheckPoint
[2010/08/25 01:12:26 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\DeepBurner
[2010/09/08 23:32:58 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\FileZilla
[2010/09/09 03:14:10 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\GlarySoft
[2010/08/25 01:12:26 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Grisoft
[2010/08/25 01:12:26 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\gtk-2.0
[2010/09/11 18:04:30 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Image Zone Express
[2010/08/25 01:12:26 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\LG Electronics
[2010/08/25 01:12:32 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\MyPublisher
[2010/08/25 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\NCH Swift Sound
[2008/01/10 01:43:09 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Opera
[2010/08/25 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Printer Info Cache
[2010/08/25 01:12:47 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\proDAD
[2010/09/02 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Registry Mechanic
[2010/08/25 01:12:49 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\Research In Motion
[2010/08/25 01:12:49 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\RipIt4Me
[2010/08/25 01:12:51 | 000,000,000 | ---D | M] -- C:\Users\Cenwyn\AppData\Roaming\TomTom
[2010/09/13 21:09:36 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2009/07/14 05:53:46 | 000,012,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Tim's Parliament.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Tim Cross Original.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\TFMS Confirmed Delegate form.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Terrabite.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Specification Hardline New Structure Templates 20090227.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Sound of Music Message 2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Sound of Music Invite.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\ROI Pork New 20081207.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Register Summer Life.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Presentation1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Photography Workshop.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Photography Workshop Scenes.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Photography Workshop Scenes Updated.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Niagra Falls 2.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Niagra Falls 1.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Moira Lancaster.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Let's Talk About It.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Ingredients from Heinz.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\house move pic.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Future Housing Growth.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Estate Agent Contract - Hatched.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\East%20of%20Luton%20Exhibition%20Boards[1].pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\DSC03527 New Web.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\DSC03524 New Web.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Directions to House From M4.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Directions to House From Letchworth.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Dic Penderyn.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Deirdre Vow 4.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Deirdre Vow 3.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Deirdre Vow 2.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Deirdre Vow 1.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\ChancelCheckNoteV2 - Chancel Repairs.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Cardiff Bay.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\Canal View.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Cenwyn\Documents\AudittrackerP1-P11120209.xls:Roxio EMC Stream
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6
< End of report >

Extra.txt

OTL Extras logfile created on: 13/09/2010 21:14:35 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Cenwyn\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 915.92 Gb Total Space | 626.17 Gb Free Space | 68.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 15.57 Gb Total Space | 11.01 Gb Free Space | 70.67% Space Free | Partition Type: FAT32
Drive F: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1862.36 Gb Total Space | 1142.74 Gb Free Space | 61.36% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 519.72 Gb Free Space | 55.79% Space Free | Partition Type: NTFS

Computer Name: PERSONAL-PC
Current User Name: Cenwyn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820}" = Intel® Viiv™ Software
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F429FF7-8C47-40D7-AF6F-D8B090233D04}" = Image Data Converter SR
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2AD89908-0987-4B9E-8AB4-905899E4D754}_is1" = Next Video Converter 3.51
"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42442CA9-90E6-4011-BB55-7C263F6D5EC1}" = BIAS SoundSoap PE 2.1
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Tesco Easy Record
"{957645C3-8003-465B-839E-AFF5A5824B35}" = e-Sword
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A7F42FF0-05F0-47E7-9758-D68C37EDE7EF}" = Tesco PhotoRestyle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio Ultimate
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F55A5517-4AD4-4F5D-9290-2862E623C12B}" = Tesco Complete Office
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FB31B586-CB40-4407-A125-68175FF26AE0}" = BE Limited II UK Edition
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AVG9Uninstall" = AVG Free 9.0
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BE Limited II UK Edition" = BE Limited II UK Edition
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DoremiSoft RM to MP2 Converter" = DoremiSoft RM to MP2 Converter 1.0
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.1.2.0
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free Audio Converter CS" = Free Audio Converter CS
"Glary Utilities_is1" = Glary Utilities 2.27.0.982
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06
"Intel® Configuration Center" = Intel® Viiv™ Software
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MyPublisher" = MyPublisher
"NVIDIA Drivers" = NVIDIA Drivers
"PortraitProfessionalStudio9_is1" = Portrait Professional Studio 9.6
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PROSetDX" = Intel® PRO Network Connections 12.1.12.0
"RealPlayer 6.0" = RealPlayer
"Speccy" = Speccy
"Spyder3Express" = Spyder3Express
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Switch" = Switch Sound File Converter
"SyncBack_is1" = SyncBack
"SystemRequirementsLab" = System Requirements Lab
"Tesco Personal Finance 1.0" = Tesco Personal Finance 1.0
"Tesco Photobook Creator_is1" = Tesco Photobook Creator
"TomTom HOME" = TomTom HOME 2.6.2.1586
"X10Hardware" = X10 Hardware™

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 C Jones

Posted 13 September 2010 - 03:26 PM

Rootkit Unhooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #4
==============================================
>Drivers
==============================================
0x8F618000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9560064 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 190.38 )
0x82E4C000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E4C000 PnpManager 4259840 bytes
0x82E4C000 RAW 4259840 bytes
0x82E4C000 WMIxWDM 4259840 bytes
0x97640000 Win32k 2400256 bytes
0x97640000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x95615000 C:\Windows\system32\drivers\RTKVHDA.sys 1945600 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x89408000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x9042A000 C:\Windows\system32\DRIVERS\Ph3xIB32.sys 1314816 bytes (NXP Semiconductors, Ph3xIBxx)
0x8900C000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x912B6000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x88E13000 C:\Windows\system32\DRIVERS\iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8EE5A000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89238000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x88B0C000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9D470000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8E21B000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x88A39000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88C34000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA42B8000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x89179000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x88F98000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9D58E000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9D53F000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x978B0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8EF11000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88D62000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88CB3000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91219000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x88ACA000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x88BB7000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA4215000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x89582000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x892EF000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9D400000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88F5E000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8E315000 C:\Windows\System32\DRIVERS\cmdguard.sys 237568 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0x8FF62000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8FF9B000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x82E15000 ACPI_HAL 225280 bytes
0x82E15000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88A00000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x88F0F000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9056B000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x89362000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x89200000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89551000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9126E000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x895C9000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x905A2000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8913B000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8FF38000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x88D0C000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x893A5000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8932D000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x88EE3000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8E2B2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8EF93000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9D511000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8EE27000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E369000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8E2F6000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8EF5C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x893D7000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97920000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x913B0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9D43B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x88DD8000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x913CB000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8EE0E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9129D000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x88C10000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x905D8000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8EF7B000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8EFB5000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8EFCD000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8EFE4000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E3C8000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9138E000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x88DC2000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8E200000 C:\Windows\system32\DRIVERS\inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0x89166000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x91200000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x88E00000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8F600000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8EE48000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8E2A0000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89394000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9137D000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88F43000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9125D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88D41000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x88AB1000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x913E5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89352000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x88C00000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x88D52000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8FFDE000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88DF2000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x891ED000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E3BA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88DB4000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x891D6000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8EE00000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88CA5000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9040D000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x95600000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90400000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x905F0000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9D532000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8E38A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x88FF2000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8E35D000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x913A5000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8E3AF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9041A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E3DF000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8FFD3000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88D36000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8E3EA000 C:\Windows\System32\DRIVERS\cmdhlp.sys 40960 bytes (COMODO, COMODO Internet Security Helper Driver)
0x957F0000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x89000000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x893F6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88F54000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9D507000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x905CE000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x88F06000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x88EDA000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x891E4000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA4322000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x978A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88CFB000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88AC2000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x895F6000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BC3000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88D04000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E397000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E39F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8E3A7000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x895C1000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E356000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8E34F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x88DAD000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8E3F4000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8E215000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8FFED000 C:\Windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x9059F000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x9D46E000 C:\Windows\system32\DRIVERS\nmsunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x8FF36000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 190.38 )
0x90425000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9560D000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


#5 C Jones

Posted 13 September 2010 - 03:35 PM

Thank you for getting back to me.

I have run the reports you requested tonight and posted them above.

I will not add or remove, or do anything else the system suggests that I do.

My symptoms started a few weeks ago with the odd system memory dump (blue screen). This became more frequent until eventually the system was giving me a constant beeping noise and I had to shut down the power.

I thought it would help if I upgraded from Vista to Windows 7, as the overhead on the disk would be less? The frequency of the crashes became less for a short time. However, system memory dumps eventually turned into disk read errors.

I tried to use a couple of disk defragger tools; one said there was 40% fragmentation but after 20 mins or so didn't make any changes, or so it seemed; software still said 40%. This was Defraggler.

I then ran Auslogics Defrag Tool; this seemed to work much better and took longer.

However the crashes kept happening until Windows was then suggesting I should run Chkdsk; but when I did, it told me it couldn't because of a software install? System kept crashing, suggesting Chkdsk, but failing to run it.

Eventually, Windows automatically ran a 'disk fixing' software?

Do you need to know anything else?
Thank you for getting back to me.

Regards

#6 C Jones

Posted 13 September 2010 - 03:37 PM

Sorry, forgot to add that I still get the Windows Activation error code 0x8007000D from time to time.



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,252 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:10 PM

Posted 13 September 2010 - 03:42 PM

This sounds more like hardware problems than malware, but let's check it.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#8 C Jones


Posted 13 September 2010 - 04:38 PM

Hi, sorry but I could turn off some of the AVG 9 tools but there was no option to turn off the Antispyware nor Antivirus tools so I had to uninstall AVG 9.

Sorry.

Here's the log;

ComboFix 10-09-12.04 - Cenwyn 13/09/2010 22:19:40.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2046.1322 [GMT 1:00]
Running from: c:\users\Cenwyn\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Tesco Internet Security *disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.

2010-09-13 21:27 . 2010-09-13 21:27 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-09-13 21:27 . 2010-09-13 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-09 02:02 . 2010-09-09 02:14 -------- d-----w- c:\users\Cenwyn\AppData\Roaming\GlarySoft
2010-09-09 01:52 . 2010-09-09 01:52 -------- d-----w- c:\program files\Glary Utilities
2010-09-09 01:32 . 2010-09-09 01:32 -------- d-----w- c:\windows\system32\log
2010-09-08 21:38 . 2010-09-08 22:32 -------- d-----w- c:\users\Cenwyn\AppData\Roaming\FileZilla
2010-09-08 21:38 . 2010-09-08 21:38 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-05 00:22 . 2010-09-05 00:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-04 11:19 . 2010-09-04 11:28 -------- d-----w- C:\MGADiagToolOutput
2010-09-04 10:59 . 2010-09-04 10:59 388096 ----a-r- c:\users\Cenwyn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-04 10:59 . 2010-09-04 10:59 -------- d-----w- c:\program files\Trend Micro
2010-09-04 07:09 . 2010-09-04 07:09 -------- d-----w- c:\program files\iTunes
2010-09-04 07:05 . 2010-09-04 07:05 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-02 18:30 . 2010-09-02 18:30 -------- d-----w- c:\users\Cenwyn\AppData\Roaming\Registry Mechanic
2010-08-29 00:02 . 2010-08-29 00:02 -------- d-----w- c:\program files\Auslogics
2010-08-28 23:51 . 2010-08-28 23:54 -------- d-----w- c:\users\Cenwyn\AppData\Local\ElevatedDiagnostics
2010-08-26 18:14 . 2010-08-26 18:14 -------- d-----w- c:\programdata\COMODO
2010-08-26 18:09 . 2010-08-26 18:09 -------- d-----w- c:\program files\COMODO
2010-08-25 22:00 . 2010-08-28 23:53 -------- d-----w- c:\users\Cenwyn\AppData\Local\Diagnostics
2010-08-25 21:36 . 2010-08-25 21:36 -------- d-----w- c:\windows\Internet Logs
2010-08-25 17:29 . 2010-08-25 17:29 -------- d-----w- c:\program files\Apple Software Update
2010-08-25 08:42 . 2010-08-25 05:59 -------- d-----w- c:\windows\Panther
2010-08-25 08:35 . 2010-08-25 00:26 -------- d-----w- C:\$WINDOWS.~Q
2010-08-25 08:27 . 2010-08-25 08:32 -------- d-----w- C:\$INPLACE.~TR
2010-08-25 07:21 . 2010-08-25 07:21 99024 ----a-w- c:\users\Cenwyn\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-25 07:07 . 2010-08-25 07:07 -------- d-----w- c:\windows\system32\Wat
2010-08-25 07:01 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-25 07:00 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-25 07:00 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-25 07:00 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-25 07:00 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-25 07:00 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-25 06:57 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-25 05:59 . 2010-08-25 05:59 -------- d-----w- C:\Recovery
2010-08-25 02:09 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-25 02:09 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-08-25 02:09 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 02:08 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-25 02:08 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-25 02:08 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-08-25 02:08 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-08-25 02:08 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-08-25 02:08 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-08-25 02:08 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-25 02:08 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-25 02:08 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-08-25 02:08 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-25 02:05 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-25 02:03 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-25 02:03 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-08-25 02:03 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-08-25 02:02 . 2009-07-15 00:54 485920 ----a-w- c:\windows\system32\nvuninst.exe
2010-08-25 00:49 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-25 00:49 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-25 00:47 . 2010-09-13 21:21 -------- d-----w- c:\windows\system32\wbem\Performance
2010-08-25 00:25 . 2010-08-25 00:25 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-25 00:15 . 2010-08-25 00:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-08-24 23:47 . 2010-08-24 23:47 -------- d-----w- c:\windows\system32\RTCOM
2010-08-24 22:03 . 2010-08-24 22:03 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\1
2010-08-24 21:24 . 2010-08-25 00:11 -------- d-----w- c:\users\Cenwyn\AppData\Local\Microsoft Corporation
2010-08-24 21:23 . 2010-08-24 23:55 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-08-19 07:08 . 2007-04-03 01:38 270336 ----a-w- c:\programdata\WORDsearch\Bible Explorer 4\Updates\BackupFiles\ProgramFiles\resources.dll
2010-08-19 07:08 . 2008-04-01 14:42 5166592 ----a-w- c:\programdata\WORDsearch\Bible Explorer 4\Updates\BackupFiles\ProgramFiles\BibleExplorer.exe
2010-08-19 07:07 . 2009-07-07 14:19 5053440 ----a-w- c:\programdata\WORDsearch\Bible Explorer 4\Updates\NewFiles\ProgramFiles\BibleExplorer.exe
2010-08-19 07:07 . 2008-08-26 11:28 270336 ----a-w- c:\programdata\WORDsearch\Bible Explorer 4\Updates\NewFiles\ProgramFiles\resources.dll
2010-08-19 07:03 . 2010-08-25 00:11 -------- d-----w- c:\users\Cenwyn\AppData\Local\WSStepImport
2010-08-19 07:00 . 2010-08-24 23:59 -------- dc-h--w- c:\programdata\{FC11E22B-D5AA-4712-A448-BA89818FEE4E}
2010-08-19 07:00 . 2008-09-03 16:33 2562397 -c--a-r- c:\programdata\{FC11E22B-D5AA-4712-A448-BA89818FEE4E}\Setup.exe
2010-08-19 06:52 . 2010-08-19 06:52 -------- d-----w- c:\programdata\wsc
2010-08-19 06:52 . 2010-08-25 00:11 -------- d-----w- c:\users\Cenwyn\AppData\Local\Bible Explorer 4
2010-08-19 06:52 . 2010-08-24 23:59 -------- d-----w- c:\programdata\WORDsearch
2010-08-19 06:52 . 2010-08-24 23:53 -------- d-----w- c:\program files\Common Files\WORDsearch
2010-08-19 06:52 . 2010-08-24 23:52 -------- d-----w- c:\program files\Bible Explorer 4
2010-08-19 01:45 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 01:45 . 2010-08-24 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 01:45 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 01:02 . 2010-08-24 23:56 -------- d-----w- c:\program files\QuickTime
2010-08-18 19:02 . 2010-08-27 23:03 -------- d-----w- c:\users\Cenwyn\Old Desktop
2010-08-16 23:32 . 2010-08-25 00:12 -------- d-----w- c:\users\Cenwyn\AppData\Roaming\Canneverbe Limited
2010-08-16 23:32 . 2010-08-24 23:58 -------- d-----w- c:\programdata\Canneverbe Limited
2010-08-16 23:32 . 2009-11-12 13:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-16 23:32 . 2010-08-24 23:52 -------- d-----w- c:\program files\CDBurnerXP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 17:04 . 2008-01-09 15:26 -------- d-----w- c:\users\Cenwyn\AppData\Roaming\Image Zone Express
2010-09-09 02:05 . 2008-09-10 01:00 -------- d-----w- c:\program files\Investintech.com Inc
2010-09-04 07:09 . 2008-02-04 23:46 -------- d-----w- c:\program files\Common Files\Apple
2010-09-04 07:09 . 2008-02-04 23:31 -------- d-----w- c:\program files\iPod
2010-09-02 18:34 . 2008-01-09 22:51 -------- d-----w- c:\program files\CCleaner
2010-09-02 18:25 . 2008-03-02 11:32 -------- d-----w- c:\program files\SpywareBlaster
2010-08-27 23:41 . 2009-03-13 15:52 -------- d-----w- c:\program files\Defraggler
2010-08-26 18:08 . 2010-04-21 07:23 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-26 05:37 . 2010-08-26 05:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-25 21:45 . 2008-01-13 22:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-25 21:43 . 2008-11-04 22:55 -------- d-----w- c:\program files\Yahoo!
2010-08-25 07:27 . 2009-12-01 23:50 -------- d-----w- c:\program files\Speccy
2010-08-25 07:07 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-25 02:03 . 2007-09-13 10:34 -------- d-----w- c:\programdata\NVIDIA
2010-08-24 23:59 . 2010-04-27 20:03 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-24 23:58 . 2009-09-17 00:24 -------- d-----w- c:\programdata\MemeoCommon
2010-08-24 23:57 . 2007-09-13 10:47 -------- d-----w- c:\program files\X10 Hardware
2010-08-24 23:56 . 2008-12-26 16:18 -------- d-----w- c:\program files\Real
2010-08-24 23:56 . 2008-01-11 21:30 -------- d-----w- c:\program files\proDAD
2010-08-24 23:56 . 2010-04-15 06:21 -------- d-----w- c:\program files\Portrait Professional Studio 9
2010-08-24 23:56 . 2008-01-11 20:58 -------- d-----w- c:\program files\Pinnacle
2010-08-24 23:54 . 2007-09-13 10:22 -------- d-----w- c:\program files\Intel
2010-08-24 23:54 . 2007-09-13 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 23:54 . 2008-01-06 15:48 -------- d-----w- c:\program files\HP
2010-08-24 23:54 . 2007-09-13 12:56 -------- d-----w- c:\program files\Home Cinema
2010-08-24 23:54 . 2008-06-28 13:07 -------- d-----w- c:\program files\Google
2010-08-24 23:54 . 2008-03-29 11:52 -------- d-----w- c:\program files\GPL MPEG Decoder
2010-08-24 23:52 . 2010-04-21 23:22 -------- d-----w- c:\program files\CheckPoint
2010-08-24 23:52 . 2010-06-20 12:58 -------- d-----w- c:\program files\Bonjour
2010-08-24 23:52 . 2010-04-15 05:59 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-24 23:52 . 2008-01-11 21:32 -------- d-----w- c:\program files\BIAS
2010-08-24 23:52 . 2008-04-30 18:09 -------- d-----w- c:\program files\AVG
2010-08-24 23:52 . 2008-04-30 20:20 -------- d-----w- c:\program files\Astonsoft
2010-08-24 23:52 . 2008-01-11 21:51 -------- d-----w- c:\program files\AdorageI-SAL
2010-08-24 23:52 . 2008-01-11 21:51 -------- d-----w- c:\program files\AdorageI-GfxDatas
2010-08-24 23:51 . 2009-06-22 02:37 -------- d-----w- c:\program files\7-Zip
2010-08-24 23:51 . 2009-09-17 00:33 -------- d-----w- c:\program files\2BrightSparks
2010-08-24 23:47 . 2010-08-24 23:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-24 21:43 . 2008-02-21 02:53 -------- d-----w- c:\users\Cenwyn\AppData\Roaming\SUPERAntiSpyware.com
2010-06-30 06:25 . 2010-08-25 02:06 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-25 02:07 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-25 02:07 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-25 02:07 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-25 02:06 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33 . 2010-08-25 02:06 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-16 05:48 . 2010-08-25 02:06 224256 ----a-w- c:\windows\system32\schannel.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^Cenwyn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Cenwyn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Cenwyn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2007-04-06 13:11 215512 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-07-12 15:36 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
2007-04-06 13:07 439768 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 16:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 12:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 14:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 12:22 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-01-04 17:25 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-04-08 10:38 251240 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-01-12 18:42 155648 ----a-w- c:\program files\Home Cinema\TV Enhance\TVEService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-25 1343400]
R4 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-04-06 39896]
R4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R4 gupdate1c9a8c9e509c5a0;Google Update Service (gupdate1c9a8c9e509c5a0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 133104]
R4 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-04-06 313816]
R4 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-04-06 272856]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R4 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-01-12 290908]
R4 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-01-12 114778]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]


--- Other Services/Drivers In Memory ---

*Deregistered* - AvgTdiX
*Deregistered* - Vsdatant

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-09 10:21]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 19:35]

2010-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 19:35]

2008-09-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-02-19 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyOverride = *.local
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
TCP: {3EC7CCE4-9BCA-475C-80E0-4C1CFF7204A7} = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-09-13 22:34:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-13 21:34

Pre-Run: 672,509,849,600 bytes free
Post-Run: 672,214,609,920 bytes free

- - End Of File - - 286D48FC807B4A3D879DC57A7D0D5551


#9 C Jones


Posted 14 September 2010 - 01:58 AM

Sorry, but Windows wanted to do another repair and restore this morning.

#10 Elise


Posted 14 September 2010 - 06:03 AM

Can you do a Windows 7 Startup Repair and see if that makes a difference?

regards, Elise




#11 C Jones


Posted 14 September 2010 - 12:55 PM

Hi, this links to Windows Vista repair?

Not sure what to do here.

I had Vista originally on the pc, but upgraded to Windows 7.

Therefore I have a Recovery disc for Windows Vista, but the update disc for Windows 7.

Which disc should I be using?

Many thanks.

#12 Elise


Posted 14 September 2010 - 01:04 PM

Sorry, I should have made a mention. Use the Windows 7 disk. The instructions should work for Windows 7 as well since the startup repair is very similar.

regards, Elise




#13 C Jones


Posted 14 September 2010 - 06:19 PM

It says it found no problems. :(

I'm now testing for memory issues

#14 C Jones


Posted 14 September 2010 - 06:32 PM

Hmmm, it said it would produce a report for the memory diagnostic, but I can't see it. I wonder where it saved that?

Also, it seems I have two desktop.ini files, links to them now showing on my desktop

#15 C Jones


Posted 14 September 2010 - 07:11 PM

Looking at the Administrative Events tool, there seems to be a huge number of errors on a daily basis, and Warnings and Critical errors too.

Not sure how to export a report that I can list here though



