Slow computer, CPU mostly running at 100%


  • This topic is locked
17 replies to this topic

#1 canadiannancy

canadiannancy

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 21 May 2011 - 02:08 PM

A friend recommended I run ComboFix... I did, now what? Here is my log of it.


ComboFix 11-05-19.02 - MARTIN FAMILY 21/05/2011 14:37:20.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2814.2011 [GMT -4:00]
Running from: c:\users\MARTIN FAMILY\Desktop\ComboFix.exe
AV: Rogers Online Protection Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Rogers Online Protection Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Rogers Online Protection Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 18:50 . 2011-05-21 18:50 -------- d-----w- c:\users\MARTIN FAMILY\AppData\Local\temp
2011-05-21 18:50 . 2011-05-21 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-21 18:35 . 2011-05-21 18:35 -------- d-----w- C:\32788R22FWJFW
2011-05-20 12:59 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA6B0182-7757-48CD-85C7-6373A8D270C2}\mpengine.dll
2011-05-14 03:24 . 2011-05-14 03:24 -------- d-----w- C:\.jagex_cache_32
2011-05-14 01:21 . 2011-05-14 01:22 -------- d-----w- c:\windows\LastGood.Tmp
2011-05-14 01:21 . 2010-12-07 18:23 25088 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-05-14 01:21 . 2010-12-07 18:23 20736 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2011-05-14 01:21 . 2010-12-07 18:23 20096 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2011-05-14 01:21 . 2010-12-07 18:22 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2011-05-14 01:21 . 2011-05-14 01:21 -------- d-----w- c:\program files\LG Electronics
2011-05-14 01:04 . 2011-05-14 01:04 -------- d-----w- C:\LGP500H
2011-05-14 01:00 . 2006-05-04 12:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2011-05-14 01:00 . 2005-10-04 05:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-05-14 01:00 . 2011-05-14 01:01 -------- d-----w- c:\programdata\LGMOBILEAX
2011-05-11 00:57 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-02 01:20 . 2011-05-02 01:20 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-30 16:12 . 2011-04-30 16:12 -------- d-----w- c:\users\MARTIN FAMILY\AppData\Local\{927E969C-8FFD-4A06-9EB8-3E913174692E}
2011-04-28 00:49 . 2011-04-28 00:49 -------- d-----w- c:\users\MARTIN FAMILY\AppData\Roaming\Unity
2011-04-28 00:11 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 00:11 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 00:11 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 23:57 . 2011-04-27 23:57 -------- d-----w- c:\users\MARTIN FAMILY\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 12:47 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 12:38 . 2011-04-08 12:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-08 12:38 . 2011-04-08 12:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-08 12:38 . 2011-04-08 12:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-08 12:38 . 2011-04-08 12:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-08 12:38 . 2011-04-08 12:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-08 12:38 . 2011-04-08 12:38 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-08 12:37 . 2011-04-08 12:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-08 12:37 . 2011-04-08 12:37 367104 ----a-w- c:\windows\system32\html.iec
2011-04-08 12:37 . 2011-04-08 12:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-08 12:37 . 2011-04-08 12:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-08 12:37 . 2011-04-08 12:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-08 12:37 . 2011-04-08 12:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-08 12:37 . 2011-04-08 12:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-08 12:37 . 2011-04-08 12:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-08 12:37 . 2011-04-08 12:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-08 12:37 . 2011-04-08 12:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-08 12:37 . 2011-04-08 12:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-08 12:37 . 2011-04-08 12:37 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-08 12:37 . 2011-04-08 12:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-08 12:37 . 2011-04-08 12:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-08 12:37 . 2011-04-08 12:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-10 17:03 . 2011-04-13 06:15 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-13 06:15 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-13 06:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 00:11 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 00:11 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 00:11 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 00:11 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-13 06:14 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-13 06:15 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13 . 2011-03-23 06:11 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 06:11 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 06:11 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24 . 2011-04-13 06:15 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-13 06:15 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-13 06:15 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-13 06:15 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-29 14:02 . 2011-03-23 20:49 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-01-06 00:35 . 2009-12-10 08:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-12-05 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-05 16:21 2735200 ----a-w- c:\program files\Zynga\tbZyn0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-12-05 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-12-05 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2010-06-07 17:46 344064 ----a-w- c:\program files\Rogers Backup Manager\VaultClientMenu.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\MARTIN FAMILY\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"Magellan CmTray"="c:\program files\Content Manager\CmTray.exe" [2010-12-08 458752]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-02-16 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-01-06 30192]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"BigDog303"="c:\windows\VM303_STI.EXE" [2006-01-25 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2011-01-04 4318520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-01-13 395192]
.
c:\users\MARTIN FAMILY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
R2 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [2010-06-07 166944]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 19456]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-01-06 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R4 Realtek92U;Realtek92U;c:\program files\Realtek\8192U Wireless LAN Utility\RtlService.exe [2007-07-27 36864]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe [2011-01-04 689464]
S2 VaultClientSRV;Rogers Backup Manager Service;c:\program files\Rogers Backup Manager\VaultClientSRV.exe [2010-06-07 1053936]
S2 VaultClientUpgrade;Rogers Backup Manager Upgrade Service;c:\program files\Rogers Backup Manager\VaultClientUpgrade.exe [2010-06-07 120048]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
S3 RTL8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192u.sys [2009-03-05 432640]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 82351225
*Deregistered* - 82351225
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 21:49]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 21:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&s=1&o=vb32&d=1109&m=el1300
uInternet Settings,ProxyServer = 74.82.5.17:3128
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/reqs.php#confirm_46755028429_0|http://ca.mg202.mail.yahoo.com/dc/launch?.gx=1&.rand=fj6f5c4eo5mq1|http://by146w.bay146.mail.live.com/default.aspx?wa=wsignin1.0
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause-caamcl&type=60399&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 14:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????@?@??????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,c1,cb,20,93,68,de,4a,ae,99,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,c1,cb,20,93,68,de,4a,ae,99,a7,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7896)
c:\program files\Rogers Backup Manager\VaultClientMenu.dll
c:\program files\Rogers Backup Manager\LIBEXPAT.dll
c:\program files\Rogers Backup Manager\VaultClientCOM.dll
.
Completion time: 2011-05-21 14:55:03
ComboFix-quarantined-files.txt 2011-05-21 18:54
.
Pre-Run: 174,311,161,856 bytes free
Post-Run: 174,198,345,728 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=17 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
- - End Of File - - 9CF622C1F0F2B16B59A0A917F311C6FB



Please help.

Just wondered if anyone could help me with this, please?

EDIT: Please be patient. There are over 340 unanswered topics in this forum at present and the current average wait time to receive help is 12 days. ~Budapest

Edited by Budapest, 25 May 2011 - 07:23 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:49 AM

Posted 29 May 2011 - 03:28 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 canadiannancy

Posted 29 May 2011 - 12:57 PM

I am watching this topic and ready to do what I am told :) Thank you.

#4 m0le

Posted 29 May 2011 - 01:48 PM

ComboFix's log shows nothing, so we next need to check for rootkit activity.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 canadiannancy

Posted 29 May 2011 - 05:17 PM

Here is the log.

Attached Files



#6 m0le

Posted 29 May 2011 - 07:47 PM

Nothing there. I think that the symptoms are showing a problem with the computer rather than a malware infection, but we will look a bit deeper.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Then scan the system with OTL.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


#7 canadiannancy

Posted 29 May 2011 - 08:07 PM

OTL logfile created on: 29/05/2011 8:55:55 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\MARTIN FAMILY\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.39% Memory free
5.70 Gb Paging File | 4.29 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.09 Gb Total Space | 162.39 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

Computer Name: MARTINFAMILY-PC | User Name: MARTIN FAMILY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MARTIN FAMILY\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
PRC - C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe (Rogers)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe (Rogers)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe (Rogers)
PRC - C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe (Radialpoint SafeCare Inc.)
PRC - C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe (Radialpoint SafeCare Inc.)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\VM303_STI.EXE (Vimicro)


========== Modules (SafeList) ==========

MOD - C:\Users\MARTIN FAMILY\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (scan) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll (S.C. BitDefender S.R.L)
SRV - (ServicepointService) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe (Radialpoint Inc.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Radialpoint Security Services) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe (Rogers)
SRV - (RP_FWS) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe (Rogers)
SRV - (VaultClientUpgrade) -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe (Radialpoint SafeCare Inc.)
SRV - (VaultClientSRV) -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe (Radialpoint SafeCare Inc.)
SRV - (RadialpointIDSAgent) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Realtek92U) -- C:\Program Files\Realtek\8192U Wireless LAN Utility\RtlService.exe (Realtek)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (RPSKT) Security Services Driver (x86) -- C:\Windows\System32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Trufos) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys (BitDefender S.R.L.)
DRV - (RadialpointIDSDriver) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )
DRV - (RadialpointIDSFilter) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )
DRV - (RadialpointIDSShim) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )
DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )
DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (RTL8192U) -- C:\Windows\System32\drivers\RTL8192u.sys (Realtek Semiconductor Corporation )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ZSMC303) VIMICRO USB PC Camera (VC0303) -- C:\Windows\System32\drivers\usbVM303.sys (Vimicro Corporation)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&s=1&o=vb32&d=1109&m=el1300
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\MARTIN FAMILY\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 74.82.5.17:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/reqs.php#confirm_46755028429_0|http://ca.mg202.mail.yahoo.com/dc/launch?.gx=1&.rand=fj6f5c4eo5mq1|http://by146w.bay146.mail.live.com/default.aspx?wa=wsignin1.0"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {091dc955-8128-4a3d-bd56-88e400cc28c6}:1.300.306
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15
FF - prefs.js..extensions.enabledItems: bearbluebaby@loic.com:2.1.17
FF - prefs.js..extensions.enabledItems: {3A9F26B5-7451-4922-9E2F-CD83E7F454EF}:1.5
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause-caamcl&type=60399&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/08 20:21:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/02/15 11:59:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 10:02:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:20:48 | 000,000,000 | ---D | M]

[2011/03/16 20:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Extensions
[2009/11/07 20:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/04 17:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/03/16 20:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/27 23:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\extensions
[2010/04/28 14:17:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/01 11:49:27 | 000,000,000 | ---D | M] (GodofWar) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\extensions\{3A9F26B5-7451-4922-9E2F-CD83E7F454EF}
[2011/01/01 00:38:06 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/05/27 23:17:29 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/11/15 15:58:21 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/10/15 12:12:03 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\extensions\youtube2mp3@mondayx.de
[2009/11/26 01:19:56 | 000,001,747 | ---- | M] () -- C:\Users\MARTIN FAMILY\AppData\Roaming\Mozilla\Firefox\Profiles\hf60mg7x.default\searchplugins\search-the-web.xml
[2011/03/23 16:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/29 10:02:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/01 09:19:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/01 11:08:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 10:13:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/01 12:46:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/02 18:05:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/15 11:59:30 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
() (No name found) -- C:\USERS\MARTIN FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HF60MG7X.DEFAULT\EXTENSIONS\{091DC955-8128-4A3D-BD56-88E400CC28C6}.XPI
() (No name found) -- C:\USERS\MARTIN FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HF60MG7X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/29 10:02:18 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/01/05 20:35:18 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/12/22 11:58:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/12/22 11:58:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/12/22 11:58:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/12/22 11:58:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/12/22 11:58:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/12/22 11:58:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/12/22 11:58:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/11/26 17:39:03 | 000,002,359 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/01/05 20:35:21 | 000,002,020 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\googledesktop.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\MARTIN FAMILY\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Magellan CmTray] C:\Program Files\Content Manager\CmTray.exe (MiTAC Digital Corporation.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\MARTIN FAMILY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MARTIN FAMILY\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\MARTIN FAMILY\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 19:03:38 | 000,000,000 | ---D | C] -- C:\Users\MARTIN FAMILY\AppData\Local\Conduit
[2011/05/21 14:55:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/21 14:55:07 | 000,000,000 | ---D | C] -- C:\Users\MARTIN FAMILY\AppData\Local\temp
[2011/05/21 14:53:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/21 14:35:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/21 14:35:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/21 14:35:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/21 13:21:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/21 13:21:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/21 13:21:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/21 13:14:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/21 13:05:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/15 22:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/15 22:34:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/13 23:24:53 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2011/05/13 21:21:39 | 000,025,088 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgandmodem.sys
[2011/05/13 21:21:39 | 000,020,736 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lganddiag.sys
[2011/05/13 21:21:39 | 000,020,096 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgandgps.sys
[2011/05/13 21:21:38 | 000,014,336 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgandbus.sys
[2011/05/13 21:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011/05/13 21:04:17 | 000,000,000 | ---D | C] -- C:\LGP500H
[2011/05/13 21:00:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2011/05/13 21:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2011/05/13 21:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2011/05/01 21:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/30 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\MARTIN FAMILY\AppData\Local\{927E969C-8FFD-4A06-9EB8-3E913174692E}
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 20:50:47 | 000,000,856 | ---- | M] () -- C:\Users\MARTIN FAMILY\Desktop\OTL - Shortcut.lnk
[2011/05/29 20:50:18 | 000,000,887 | ---- | M] () -- C:\Users\MARTIN FAMILY\Desktop\MBRCheck - Shortcut.lnk
[2011/05/29 20:24:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 20:24:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 18:15:16 | 000,000,512 | ---- | M] () -- C:\Users\MARTIN FAMILY\Desktop\MBR.dat
[2011/05/29 18:05:11 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 16:35:06 | 000,000,875 | ---- | M] () -- C:\Users\MARTIN FAMILY\Desktop\aswMBR - Shortcut.lnk
[2011/05/29 11:04:09 | 000,620,172 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/29 11:04:08 | 000,112,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 01:05:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/28 00:56:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/21 14:24:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/05/21 14:24:33 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/21 14:24:32 | 000,037,685 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/21 14:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/21 13:20:30 | 004,352,567 | R--- | M] () -- C:\Users\MARTIN FAMILY\Desktop\ComboFix.exe
[2011/05/21 13:17:24 | 004,352,567 | ---- | M] () -- C:\Users\MARTIN FAMILY\Desktop\ComboFix.exe.kj3301h.partial
[2011/05/15 22:36:24 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/15 22:29:07 | 000,001,957 | ---- | M] () -- C:\Users\MARTIN FAMILY\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/13 23:36:14 | 000,000,129 | ---- | M] () -- C:\Users\MARTIN FAMILY\jagex_runescape_preferences2.dat
[2011/05/13 23:25:12 | 000,000,038 | ---- | M] () -- C:\Users\MARTIN FAMILY\jagex_runescape_preferences.dat
[2011/05/13 21:01:51 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2011/05/13 21:01:09 | 000,000,769 | ---- | M] () -- C:\Users\MARTIN FAMILY\Desktop\LGMobile update.lnk
[2011/05/02 23:48:43 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/05/01 21:20:48 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 20:50:47 | 000,000,856 | ---- | C] () -- C:\Users\MARTIN FAMILY\Desktop\OTL - Shortcut.lnk
[2011/05/29 20:50:18 | 000,000,887 | ---- | C] () -- C:\Users\MARTIN FAMILY\Desktop\MBRCheck - Shortcut.lnk
[2011/05/29 18:15:16 | 000,000,512 | ---- | C] () -- C:\Users\MARTIN FAMILY\Desktop\MBR.dat
[2011/05/29 16:35:06 | 000,000,875 | ---- | C] () -- C:\Users\MARTIN FAMILY\Desktop\aswMBR - Shortcut.lnk
[2011/05/21 13:21:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/21 13:21:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/21 13:21:19 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/21 13:21:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/21 13:21:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/21 13:18:23 | 004,352,567 | R--- | C] () -- C:\Users\MARTIN FAMILY\Desktop\ComboFix.exe
[2011/05/21 13:17:24 | 004,352,567 | ---- | C] () -- C:\Users\MARTIN FAMILY\Desktop\ComboFix.exe.kj3301h.partial
[2011/05/15 22:36:24 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/13 21:01:09 | 000,000,769 | ---- | C] () -- C:\Users\MARTIN FAMILY\Desktop\LGMobile update.lnk
[2011/05/13 21:00:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/05/13 21:00:57 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/05/01 21:20:48 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/01 21:20:48 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/11/03 21:32:28 | 000,000,228 | ---- | C] () -- C:\Users\MARTIN FAMILY\AppData\Roaming\wklnhst.dat
[2010/05/17 19:19:40 | 000,003,100 | ---- | C] () -- C:\ProgramData\lxdf
[2010/04/09 12:01:07 | 000,037,376 | ---- | C] () -- C:\Users\MARTIN FAMILY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 00:51:34 | 000,000,000 | ---- | C] () -- C:\Users\MARTIN FAMILY\AppData\Local\prvlcl.dat
[2009/11/28 19:25:02 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/11/28 19:22:08 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/11/28 18:58:00 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLdNL.DLL
[2009/11/08 21:25:32 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/11/07 20:39:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/07 20:23:38 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/07 20:20:15 | 000,037,685 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/07 16:18:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/07 16:18:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/05 19:37:00 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/11/05 18:51:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/10/21 15:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/02/19 06:37:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,320,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,620,172 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,112,020 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/10/12 10:37:06 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\AVG10
[2010/11/05 18:55:34 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\Canon
[2011/01/22 01:16:07 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1
[2010/08/03 03:22:41 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\Digital Support
[2010/01/13 17:49:24 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\Lexmark Productivity Studio
[2011/04/17 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\LimeWire
[2010/05/14 13:58:11 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\mjusbsp
[2010/05/10 16:41:45 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\OpenOffice.org
[2011/02/15 12:00:39 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\RoboForm
[2011/01/10 01:26:10 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\Rogers Online Protection
[2009/11/28 19:21:51 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\ScanSoft
[2010/11/03 21:32:59 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\Template
[2010/09/04 17:55:48 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\TomTom
[2011/04/27 20:49:40 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\Unity
[2009/11/07 12:49:12 | 000,000,000 | ---D | M] -- C:\Users\MARTIN FAMILY\AppData\Roaming\WildTangent
[2011/05/09 12:59:40 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

OTL Extras logfile created on: 29/05/2011 8:55:55 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\MARTIN FAMILY\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.39% Memory free
5.70 Gb Paging File | 4.29 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.09 Gb Total Space | 162.39 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

Computer Name: MARTINFAMILY-PC | User Name: MARTIN FAMILY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F7D117-C74B-4516-A607-FCF7BBE0155B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0B201928-B45B-4715-BC8D-49B987CB3160}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2081C886-1664-4E52-9198-66A5F68DCC4E}" = lport=139 | protocol=6 | dir=in | app=system |
"{20E013DC-6294-42D8-B843-4AC6E881D67B}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{230756D2-8583-4045-9851-893E37B33EB5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25106CA4-FA67-433A-A072-1C89AC6BD3F9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2C4A3F88-72F8-4A48-ADF9-A124D3FBCF2D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2E41A9E9-57E7-4CE8-B920-38502FFE5D63}" = rport=139 | protocol=6 | dir=out | app=system |
"{3EA9F8D5-256E-4494-9476-825D46173231}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{4CE2B55F-31E3-468E-9305-CF15D5E37FA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DBF3D83-9446-493B-AEB4-B0C67BC4E45A}" = lport=138 | protocol=17 | dir=in | app=system |
"{82FB04D2-DD4D-441F-B506-4DFC40E78CC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83B1F494-9255-46E4-B609-2B5ACAE85A83}" = rport=138 | protocol=17 | dir=out | app=system |
"{88830FB9-5DD1-4248-AC3E-754C0EE66710}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{89513E5B-9DC7-4A61-8175-2E8FC9382F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B28A0111-3087-4BD4-B09B-50F472698329}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BB6D6036-DF8F-4CAD-9DC1-391A81870BCB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CC7F95E4-12D0-4287-9ABA-46308EBE4F93}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CED251C1-05E7-49EA-9541-FC0ECE6B659D}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3465FFB-AB07-44AE-A565-FCDC23D1EE07}" = lport=137 | protocol=17 | dir=in | app=system |
"{D39CCC53-C8AA-48DB-8B93-F4503D9032CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E167EE1E-0DC1-4053-8DB7-0B00C94351E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{E2EEEC67-7E9E-4C7B-B9EB-96E2080469C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FBB6731E-FD9D-4CDC-AF03-70DEFF8D0201}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0602807A-1B50-4763-8122-AAF55D9A7021}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{08E25968-4B8D-420D-84BA-03FC23BF0EA7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{151058EE-D653-4283-8DC1-F4736F923DF7}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{15656827-A9AC-4DE8-B7FF-024CEA6E59EE}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{16A2F8EC-3375-486F-8D1A-64339D9E2511}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1BE3A6B3-0B67-4956-9EA0-5078AE2DC140}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D419DE8-A13A-4ED9-A438-5D39A2099AF1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2FFA280D-175E-448B-A592-9DD9F6781798}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{39FF23BF-13AC-402D-B5D2-C3CC49AB1A66}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{42F82AA1-5609-427F-9952-E6430656233A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{440D8C7E-BE2D-4E1D-AFB5-8ABFFA1B2AEA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4CD0CB3A-A743-4922-9A0F-C9FA5AFA189B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{59688BAE-D9FE-4664-8BB7-1885D6F24BAE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5A424FF5-CD20-43A5-972A-1DE39ABB9CBE}" = protocol=17 | dir=in | app=c:\program files\realtek\8192u wireless lan utility\rtwlan.exe |
"{5AC6D89E-7D35-4372-B18E-160059F7AAC6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{622B3B46-8804-4FE6-A76F-CF7370CC87E5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6374833D-65D2-4C8F-ADF9-6B1CB03C7511}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{67A17C44-E860-4BDE-B2CD-EB91B97AC937}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{731DC5C1-29C0-4662-BEC1-7A73493BB242}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7470BEEE-A932-4262-B01E-8B9B8337D251}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78D98D5A-4F48-4F50-92A4-D6A5C50A5480}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EAAEB0D-C7EB-4813-8DDE-E6E67D63EAD3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{805B9F59-4865-4C5F-86CE-0D85B23B6628}" = protocol=6 | dir=in | app=c:\program files\rogers online protection\rogers servicepoint agent\servicepointservice.exe |
"{92F1AA5E-48A9-474E-8275-1A1F3C5DC3CA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{939DB2E0-7725-49F3-8BCB-26B37C6573BB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{9616CBCF-BB6A-4927-BF21-ED1FA15C1264}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{96F5B300-4191-41C6-BEEE-9978DD55437C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{9AC68EF5-8492-4140-B55C-A44A2B09050F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A05EDB01-8CEA-4BD7-883E-0E660F7D13F1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{A2E8051E-0DA3-46F6-A436-71573F874796}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{B71BF65B-C0CA-414C-8F8F-9284CD3CF833}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BAA13978-5E20-46DF-A62F-0C120161F248}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BB5CEE04-CEE2-441D-9D30-209FF58EB6E3}" = protocol=6 | dir=in | app=c:\program files\realtek\8192u wireless lan utility\rtwlan.exe |
"{CB133560-0FE0-4F3E-8731-CCD7AD7EBD95}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E6CBB34A-5EDF-4AB8-8F72-80AB9D340E0B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{E7F33754-A542-4419-B308-2E0F51126347}" = protocol=17 | dir=in | app=c:\program files\rogers online protection\rogers servicepoint agent\servicepointservice.exe |
"{F3522EEB-DFBF-41C8-B42E-A7BFC147D968}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F7E4478C-26D7-4FFA-8DF4-54F84D96EF76}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{26F7FC4F-3DB5-4364-9952-F72E948A6E5F}C:\program files\freephoneline\freephoneline.exe" = protocol=6 | dir=in | app=c:\program files\freephoneline\freephoneline.exe |
"TCP Query User{508B41C9-85C5-4377-8365-495D76F578D2}C:\users\martin family\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\martin family\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{65FAEDEB-920C-450C-935F-CCF94190C6C0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E67DEBFC-28EB-43A2-8B3B-2BF07C16D32A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{17EC7F5B-CA4D-43D4-A26B-EAE1D2E66D2D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2158109B-3091-4CA5-95A1-47E03334973A}C:\program files\freephoneline\freephoneline.exe" = protocol=17 | dir=in | app=c:\program files\freephoneline\freephoneline.exe |
"UDP Query User{CD5D0F1B-C52D-4EF3-B361-7FCD6302426A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E073C59D-32CF-4A96-96C1-2BFE413AE49E}C:\users\martin family\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\martin family\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A783E8-DC11-427F-A56C-8ED43EEC0695}" = RPS CRT
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35AE9CC9-10A3-4A24-87DF-A6A99BDC1969}" = Rogers Online Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{512219E9-0723-447F-9CA3-17CC3B5E95B0}" = REALTEK RTL8192U Wireless LAN Driver and Utility
"{548B7B4A-B4F6-4074-A2D2-40154DC906B5}" = RPS PerfectDiskStub
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779C01A3-8466-499D-88FC-EB820EB3AC51}" = RPS RpsCore
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC877B7E-C0BE-441C-956C-38DEBAADD5D8}" = FreePhoneLine
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE736CA3-5100-7CB2-2FB3-399865F522AC}" = Pixtorio Viewer
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"AI RoboForm" = AI RoboForm (All Users)
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.inm.fusion.PixtorioViewer.744790F1545733D757EA034B675902690507C2E8.1" = Pixtorio Viewer
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RadialpointClientGateway_is1" = Rogers Servicepoint Agent 3.7.44
"Speed Dial Utility" = Canon Speed Dial Utility
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Windows Live Essentials
"WT083255" = Masters of Mystery - Blood of Betrayal
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/04/2011 6:09:30 PM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/04/2011 6:09:31 PM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:12:49 AM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:12:49 AM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:12:49 AM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:12:49 AM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:12:49 AM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:12:50 AM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:12:50 AM | Computer Name = MARTINFAMILY-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/04/2011 9:13:05 AM | Computer Name = MARTINFAMILY-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21/05/2011 2:15:21 PM | Computer Name = MARTINFAMILY-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 21/05/2011 2:23:57 PM | Computer Name = MARTINFAMILY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:20:57 PM on 21/05/2011 was unexpected.

Error - 21/05/2011 2:24:24 PM | Computer Name = MARTINFAMILY-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Send To OneNote 2007 with
shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used
by others on the network.

Error - 21/05/2011 2:24:24 PM | Computer Name = MARTINFAMILY-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Canon MX340 series Printer
with shared resource name Canon MX340 series Printer. Error 2114. The printer cannot
be used by others on the network.

Error - 21/05/2011 2:25:02 PM | Computer Name = MARTINFAMILY-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 21/05/2011 2:33:40 PM | Computer Name = MARTINFAMILY-PC | Source = Print | ID = 6161
Description = The document A guide and tutorial on using ComboFix, owned by MARTIN
FAMILY, failed to print on printer Canon MX340 series Printer. Try to print the
document again, or restart the print spooler. Data type: NT EMF 1.008. Size of
the spool file in bytes: 9947616. Number of bytes printed: 3491428. Total number
of pages in the document: 6. Number of pages printed: 0. Client computer: \\MARTINFAMILY-PC.
Win32 error code returned by the print processor: 1. Incorrect function.

Error - 21/05/2011 2:37:05 PM | Computer Name = MARTINFAMILY-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 21/05/2011 2:44:36 PM | Computer Name = MARTINFAMILY-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 21/05/2011 2:50:09 PM | Computer Name = MARTINFAMILY-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 29/05/2011 8:51:09 PM | Computer Name = MARTINFAMILY-PC | Source = nvstor32 | ID = 262149
Description = A parity error was detected on \Device\RaidPort1.


< End of report >

#8 m0le

Posted 29 May 2011 - 08:18 PM

Don't forget MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


m0le is a proud member of UNITE

#9 canadiannancy

Posted 29 May 2011 - 08:26 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: eMachines
System Product Name: EL1300
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 156):
0x82E0B000 \SystemRoot\system32\ntkrnlpa.exe
0x831C5000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\PSHED.dll
0x80425000 \SystemRoot\system32\BOOTVID.dll
0x8042D000 \SystemRoot\system32\CLFS.SYS
0x8046E000 \SystemRoot\system32\CI.dll
0x8054E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805CA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80604000 \SystemRoot\system32\drivers\acpi.sys
0x8064A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80653000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065B000 \SystemRoot\system32\drivers\pci.sys
0x80682000 \SystemRoot\System32\drivers\partmgr.sys
0x80691000 \SystemRoot\system32\drivers\volmgr.sys
0x806A0000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EA000 \SystemRoot\system32\drivers\pciide.sys
0x806F1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x806FF000 \SystemRoot\System32\drivers\mountmgr.sys
0x8070F000 \SystemRoot\system32\drivers\atapi.sys
0x80717000 \SystemRoot\system32\drivers\ataport.SYS
0x80735000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x8075A000 \SystemRoot\system32\DRIVERS\storport.sys
0x8079B000 \SystemRoot\system32\drivers\fltmgr.sys
0x807CD000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A60B000 \SystemRoot\system32\drivers\bdfsfltr.sys
0x8A650000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A6C1000 \SystemRoot\system32\drivers\ndis.sys
0x8A7CC000 \SystemRoot\system32\drivers\msrpc.sys
0x8A806000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A841000 \SystemRoot\System32\drivers\tcpip.sys
0x8A92B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB18000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB51000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB59000 \SystemRoot\system32\drivers\AVGIDSEH.sys
0x8AB62000 \SystemRoot\System32\Drivers\mup.sys
0x8AB71000 \SystemRoot\System32\drivers\ecache.sys
0x8AB98000 \SystemRoot\system32\drivers\disk.sys
0x8ABA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABCA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABEA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A96B000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8ABF3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A97B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A98E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A999000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A9A4000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A9AE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A9EC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F00B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F098000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8F0DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F0F6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F20B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8FC89000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FC8B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FD2B000 \SystemRoot\System32\drivers\watchdog.sys
0x8FD37000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FD66000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FD71000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FD88000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FD93000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FDB6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FDC5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FDD9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FDEE000 \SystemRoot\system32\DRIVERS\rp_skt32.sys
0x8F0FC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F10C000 \SystemRoot\system32\DRIVERS\rp_pkt32.sys
0x8FDFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F11A000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F144000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F151000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F186000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FE0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90016000 \SystemRoot\system32\drivers\portcls.sys
0x90043000 \SystemRoot\system32\drivers\drmk.sys
0x90068000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90071000 \SystemRoot\System32\Drivers\Null.SYS
0x90078000 \SystemRoot\System32\Drivers\Beep.SYS
0x9007F000 \SystemRoot\System32\drivers\vga.sys
0x9008B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x900AC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x900B4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x900BC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x900C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x900D5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x900DE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x900F4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x900FD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9010D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90114000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90116000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9011E000 \SystemRoot\System32\Drivers\usbVM303.sys
0x9017E000 \SystemRoot\System32\Drivers\STREAM.SYS
0x9018B000 \SystemRoot\system32\DRIVERS\smb.sys
0x9019F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F197000 \SystemRoot\system32\drivers\afd.sys
0x901D1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x901E7000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x901F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F1DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90402000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9043E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90448000 \SystemRoot\System32\Drivers\dfsc.sys
0x9045F000 \SystemRoot\system32\DRIVERS\RTL8192u.sys
0x904D9000 \SystemRoot\system32\DRIVERS\lgandbus.sys
0x904DD000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x904F2000 \SystemRoot\system32\DRIVERS\lgandmodem.sys
0x904F9000 \SystemRoot\system32\drivers\modem.sys
0x90506000 \SystemRoot\system32\DRIVERS\lganddiag.sys
0x9050C000 \SystemRoot\system32\DRIVERS\lgandgps.sys
0x90511000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9051E000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x90528000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x9C4D0000 \SystemRoot\System32\win32k.sys
0x9054D000 \SystemRoot\System32\drivers\Dxapi.sys
0x90557000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9C6F0000 \SystemRoot\System32\TSDDD.dll
0x9C710000 \SystemRoot\System32\cdd.dll
0x90566000 \SystemRoot\system32\drivers\luafv.sys
0x90581000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xA0204000 \SystemRoot\system32\drivers\spsys.sys
0xA02B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA02C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA02EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA02F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA030B000 \??\C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
0xA0310000 \SystemRoot\system32\drivers\HTTP.sys
0xA037D000 \??\C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
0xA0387000 \??\C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
0xA03AF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA03CC000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA03E5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90596000 \SystemRoot\system32\drivers\mrxdav.sys
0x905B7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA7603000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA763C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA7654000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA767C000 \SystemRoot\System32\DRIVERS\srv.sys
0xA76CB000 \??\C:\Windows\system32\drivers\int15.sys
0xA76D2000 \SystemRoot\system32\drivers\peauth.sys
0xA77B0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA77BA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA77C6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA77DB000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA77ED000 \??\C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys
0xA77F1000 \??\C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys
0xABC07000 \SystemRoot\System32\Drivers\82351225.sys
0xABD2C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xABD42000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xABD44000 \??\C:\Users\MARTIN~1\AppData\Local\Temp\catchme.sys
0xABD53000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xABD78000 \??\C:\Users\MARTIN~1\AppData\Local\Temp\aswMBR.sys
0x77660000 \Windows\System32\ntdll.dll

Processes (total 76):
0 System Idle Process
4 System
8152 C:\Windows\System32\smss.exe
364 csrss.exe
412 C:\Windows\System32\wininit.exe
420 csrss.exe
460 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
508 C:\Windows\System32\winlogon.exe
696 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\nvvsvc.exe
768 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\audiodg.exe
1064 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\SLsvc.exe
1108 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\nvvsvc.exe
1272 C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
1404 C:\Windows\System32\svchost.exe
1712 C:\Windows\System32\spoolsv.exe
1736 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
1904 C:\Windows\System32\dwm.exe
1924 C:\Windows\System32\taskeng.exe
308 C:\Windows\RtHDVCpl.exe
2084 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2120 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
2140 C:\Windows\VM303_STI.EXE
2180 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2240 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
2248 C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
2256 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2272 C:\Program Files\iTunes\iTunesHelper.exe
2640 C:\Windows\System32\taskeng.exe
2752 C:\Windows\System32\svchost.exe
3292 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3312 C:\Program Files\Bonjour\mDNSResponder.exe
3340 C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
3476 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
3520 C:\Windows\System32\svchost.exe
3636 C:\Program Files\CyberLink\Shared files\RichVideo.exe
3664 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3708 C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
3772 C:\Windows\System32\svchost.exe
3808 C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
3844 C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
3892 C:\Windows\System32\svchost.exe
3976 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3992 C:\Windows\System32\SearchIndexer.exe
4048 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4236 WUDFHost.exe
5500 C:\Windows\System32\wbem\unsecapp.exe
5584 WmiPrvSE.exe
5856 C:\Program Files\iPod\bin\iPodService.exe
7224 C:\Windows\System32\svchost.exe
8012 C:\Windows\System32\conime.exe
7896 C:\Windows\explorer.exe
1912 C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
5344 C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
7696 C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
3696 C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
4392 WmiPrvSE.exe
6876 C:\Windows\System32\taskeng.exe
4088 C:\Program Files\Windows Media Player\wmplayer.exe
2024 C:\Program Files\Mozilla Firefox\firefox.exe
6252 C:\Program Files\Mozilla Firefox\plugin-container.exe
6432 WmiPrvSE.exe
1012 C:\Windows\System32\SearchProtocolHost.exe
6256 C:\Windows\System32\SearchFilterHost.exe
4988 dllhost.exe
3600 dllhost.exe
6684 C:\Users\MARTIN FAMILY\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`40100000 (NTFS)

PhysicalDrive0 Model Number: ST3320418AS, Rev: CC44

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Acer MBR code detected
SHA1: D0A1D48D923816C1D3F4541365161CF9C2B53818


Done!

#10 m0le

Posted 30 May 2011 - 04:15 AM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 74.82.5.17:3128
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#11 canadiannancy

Posted 30 May 2011 - 08:55 AM

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.23.0 log created on 05302011_095419

#12 m0le

Posted 30 May 2011 - 01:42 PM

Next run MBAM and then visit ESET and scan the PC online

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.

#13 canadiannancy

Posted 02 June 2011 - 08:29 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6750

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

02/06/2011 1:21:36 AM
mbam-log-2011-06-02 (01-21-36).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 365866
Time elapsed: 5 hour(s), 12 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET said no log created

#14 m0le

Posted 02 June 2011 - 05:33 PM

The system looks clean. Are you still experiencing any problems such as the CPU?

#15 canadiannancy

Posted 02 June 2011 - 06:19 PM

Yes, just running on the internet (Firefox usually) and my computer freezes every day, and when I Ctrl+Alt+Del... it says CPU 100%