Everything posted by sandsrfr
-
Powelinks infections needs assistance please
sandsrfr replied to sandsrfr's topic in Resolved Malware Removal Logs
Oops, JRT file attached, basically nothing. JRT.txt
Powelinks infections needs assistance please
sandsrfr replied to sandsrfr's topic in Resolved Malware Removal Logs
Can't seem to paste for some reason, so attached is the last MBAM report. Also attached a JRT log. mbam.txt
Had the infamous multiple dllhost.exe running and 100% cpu usage. Did some digging and see a lot of posts about this. After some scanning I ran combofix which has appeared to solve most of this, but it looks like there are remnants around. Attached are the combofix log, the FRST logs and a log from Roguekiller I just ran. Please advise on the proper steps to fully clean this machine. Thanks! ComboFix.txt FRST.txt Addition.txt RKreport_SCN_10212014_141025.log
-
Maniac, thanks for your help; however, nothing we tried was working. For the life of me I couldn't get Combo to run. I've also noticed some issues with the User Profile Service not loading properly on restarts. In lieu of wasting any more time, I opted to do a complete system restore (after backing up the documents necessary). Thanks again
-
Thanks, I had already done that. Prior to coming here for help I had installed a few other programs to try and help get rid of the situation. This computer previously only had AVG Internet Security. I have since uninstalled EVERYTHING malware/antivirus related except for AVIRA Antivir and Malwarebytes. Malwarebytes repeatedly shows blocked IP messages if the computer is connected to the internet. I don't see any IE running in the Task Manager either. Last night I tried repeatedly to get Combofix to run. First I uninstalled Combofix (i.e., renamed the combo-fix.exe file to uninstall.exe and ran it). It said it uninstalled, although I still had a few 'Combo-Fix1134' (or some weird numbering) listed in My Computer/C drive. I think this was related to me trying Combofix multiple times and it hanging indefinitely. I ended up putting those in the recycling bin, restarting and redownloading Combofix to the desktop as Combo-Fix.exe. Last night it ran for +12 hours and it didn't budge from the screen stating it shouldn't take more than 10 minutes, but on infected it may take longer. **I have 'disabled' Malwarebytes protection, and disabled Avira protection prior to running Combofix. I also have Windows Defender turned off. I don't know why it will not run. Tried both in normal Windows logon and in Safe Mode. Get similar problems. Suggestions?
-
Here is the Extras.txt results: Extras.Txt
-
Here is the OTL.txt results:
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1080326 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1080326 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1080326 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 23:08:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/20 23:08:38 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe File not found O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll 
(Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\Windows\System32\wiascr.dll (Microsoft Corporation) O18 - 
Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\Windows\System32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - 
{7849596a-48ea-486e-8937-a2a3009f31a9} - C:\Windows\System32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\Windows\System32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\System32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\Windows\System32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Windows\Compaq.bmp O24 - Desktop BackupWallPaper: C:\Windows\Compaq.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008/04/13 11:46:56 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2010/05/27 01:46:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010/05/27 01:23:47 | 000,000,000 | ---D | C] -- C:\Donna [2010/05/27 01:21:51 | 000,000,000 | ---D | C] -- C:\AVG8 [2010/05/27 01:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\VirtualStore [2010/05/27 01:12:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Donna [2010/05/24 00:01:09 | 000,000,000 | -HSD | C] -- C:\%APPDATA% [2010/05/23 21:11:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Avira [2010/05/23 20:56:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010/05/23 20:56:15 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010/05/23 20:56:15 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010/05/23 20:56:15 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010/05/23 20:56:15 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010/05/23 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010/05/23 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010/05/23 19:47:53 | 000,028,552 | ---- | C] (Panda Security, S.L.) 
-- C:\Windows\System32\drivers\pavboot.sys [2010/05/23 19:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010/05/23 19:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Adobe [2010/05/23 19:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\HPAppData [2010/05/23 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\SysProt [2010/05/23 18:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010/05/23 18:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster [2010/05/23 18:48:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Macromedia [2010/05/23 14:55:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com [2010/05/23 14:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes [2010/05/23 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple [2010/05/23 13:57:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe [2010/05/23 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\AVG8 [2010/05/23 13:55:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Apple Computer [2010/05/23 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\HotSync [2010/05/23 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple Computer [2010/05/23 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Palm OS Desktop [2010/05/23 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\LogMeIn [2010/05/23 13:55:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\MediaDirect [2010/05/23 13:55:26 | 000,000,000 | R--D | C] -- C:\Users\Jason\Searches [2010/05/23 13:55:13 | 000,000,000 | R--D | C] -- C:\Users\Jason\Contacts [2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Local\Temporary Internet Files [2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Templates [2010/05/23 13:54:57 | 000,000,000 | -HSD | 
OTL.txt
-
Hello, I've actually tried to run Combo-Fix several times on this computer in normal bootup and safe mode. Pretty much both times I get the warning, then it does a backup of some registry, then it pops up the blue DOS window and gets to the point where it says it's trying to make a restore point. It will just hang there. I've left it for hours, nothing. Had to close it both times. Frustrated, I tried to run that RootRepeal again, but constantly got the BSOD and restart on my computer. I googled "RootRepeal.exe bsod" and turned up the link to the RootRepeal home site that showed back on version 1.02 they fixed a BSOD problem when it started scanning. I figured that the link you were sending me to was an old version. I downloaded the latest version (v1.3.5) from here: http://ad13.geekstogo.com/RootRepeal.rar and let that run overnight: see attached Rootrepeal.txt. **I have uninstalled all of the Adobe Acrobat stuff you requested. RootRepeal.txt
-
Sorry for the delay, here is my full GMER.log
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV40I.GPD 320 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV45.GPD 315 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0320T.GPD 57966 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0320T.XML 54773 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0330T.GPD 1368 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0330T.XML 56407 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0370T.GPD 55967 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0370T.XML 54773 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0380T.XML 56396 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP03X0T.GPD 76334 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0420T.GPD 75908 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0420T.XML 56128 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0470T.GPD 85657 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0470T.XML 58584 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP1160T.GPD 268837 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP1160T.XML 106998 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP2570T.GPD 299051 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP2570T.XML 126318 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7200T.GPD 1384 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7200T.XML 95553 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7400T.GPD 1384 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7400T.XML 95675 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7800T.GPD 1371 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7800T.XML 110020 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP78X0T.GPD 317684 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8000T.GPD 1371 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8000T.XML 110700 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8100T.GPD 1439 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8100T.XML 123866 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8200T.GPD 350850 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8200T.XML 153674 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8400T.GPD 1441 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8400T.XML 124486 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8700T.GPD 433689 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8700T.XML 69364 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8X00T.GPD 312506 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0330.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0380.EXP 101132 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0420.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0470.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH1500.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH3100.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH3300.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH7800.EXP 108282 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8000.EXP 108247 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8100.EXP 108247 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8200.EXP 115808 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8400.EXP 108247 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV600AL.DLL 506368 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV700AL.DLL 652800 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV800AL.DLL 532992 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV820AL.DLL 615936 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV880AL.DLL 759296 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDB720.DLL 175616 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDB820.DLL 195584 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ200.HLP 11494 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ50.INI 138 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ610.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ612.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ660.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ66E.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ67X.GPD 13836 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ690.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ691.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ693.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ694.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ695.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ697.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ69X.GPD 31491 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ6XX.GPD 16439 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ710.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ720.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ7XX.GPD 22140 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ812.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ815.GPD 317 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ82E.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ82X.GPD 19632 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ870.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87E.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87I.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87X.GPD 29179 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ882.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89E.GPD 322 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89I.GPD 322 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89X.GPD 40316 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVIMG50.DLL 2572288 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVNAM50.GPD 17612 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVSCP50.DLL 196096 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVUD50.DLL 90624 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVUI50.DLL 136704 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW0460T.GPD 425242 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW0460T.XML 102683 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1000T.GPD 152124 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1200T.GPD 
347500 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1200T.XML 78563 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1B83L.GPD 167083 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1B83L.XML 83449 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1QI3L.GPD 167345 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1QI3L.XML 83449 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1RC3L.GPD 167068 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1RC3L.XML 83449 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW2BC6L.GPD 58997 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW2BC6L.XML 13104 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW9800T.GPD 506852 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW9800T.XML 134909 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWH0460.CFG 111785 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWH9800.CFG 146697 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK550T.GPD 179396 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK550T.XML 80612 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK850T.GPD 238453 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM50AL.DLL 561152 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5100.GPD 21064 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5112.GPD 
49629 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5122.GPD 51621 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5125.GPD 49613 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5225.GPD 45775 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5350.GPD 10528 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM535M.GPD 9474 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5CON.INI 138 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5DB1.DLL 195584 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWMACRO.GPD 3919 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3ALHN.DLL 1515520 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3CLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3LLHN.DLL 30208 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3MLHN.GPD 107765 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3RLHN.DLL 1253888 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ5CLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6CLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6MLHN.GPD 14955 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6RLHN.DLL 283648 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZENLHN.CHM 139889 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZEVLHN.DLL 365568 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZFNLHN.NTF 52340 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIDR12.DLL 53248 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZINW12.DLL 43008 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPM12.DLL 52736 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPR12.DLL 37376 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPT12.DLL 34304 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZISN12.DLL 20992 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLALHN.DLL 4930560 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLELHN.DLL 663552 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLLLHN.DLL 37376 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLSLHN.DLL 1267200 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZPPLHN.DLL 89600 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZPRLHN.DLL 79872 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSCLHN.DTD 4694 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSCLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSMLHN.GPD 101343 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSRLHN.DLL 132096 bytes 
executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSSLHN.DLL 562176 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSTLHN.DLL 3447808 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZUILHN.DLL 2725376 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HP_3P522.PPD 13380 bytes ---- EOF - GMER 1.0.15 ----
-
Tried running rootrepeal several times... All times caused the system to restart. I also got a profile error on restart and the new user profile I made earlier is now messed up? Here are the errors:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 19
BCP1: 00000020
BCP2: 8A1AB638
BCP3: 8A1ABA40
BCP4: 08810094
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini052310-02.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER-65114-0.sysdata.xml
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER311D.tmp.version.txt

Read our privacy statement: http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409
-
Hello, Got a Vista computer here that we've been having issues with. Tried running malwarebytes and full AVG scans, but no luck. After one of the restarts, the profile no longer started (ie: we got user profile logon errors, and the system started in a basic profile). Needless to say none of my icons, docs, etc were there because it wasn't logging into my profile. I've installed and run superantispyware also and it actually detected a c:/windows/mbr.exe file and was able to remove it (malwarebytes didn't find that). I have since made a new user account and logged into that, as with the original account I got repeated: "C:\windows\system32\config desktop is not accessible access is denied" whenever I tried to do anything in that account (whether it was opening explorer, trying to run a command, etc....) Similar to what this person referred to: http://forums.malwarebytes.org/index.php?s...st&p=139709 (post #2) I've attached my latest MBAM log (quick scan) and DDM logs. I am currently scanning with ESET Online Scanner (partially done and it has found 3 threats so far = variant of WIN32/Agent trojan, Unknown NewHeur_PE virus, and multiple threats). Can someone help me get this resolved! Please? Thanks Sands mbam_log_2010_05_23__14_32_18_.txt Attach.txt DDS.txt