Everything posted by sandsrfr

  1. Can't seem to paste for some reason, so attached is the last MBAM report. Also attached a JRT log. mbam.txt
  2. Had the infamous multiple dllhost.exe running and 100% cpu usage. Did some digging and see a lot of posts about this. After some scanning I ran combofix which has appeared to solve most of this, but it looks like there are remnants around. Attached are the combofix log, the FRST logs and a log from Roguekiller I just ran. Please advise on the proper steps to fully clean this machine. Thanks! ComboFix.txt FRST.txt Addition.txt RKreport_SCN_10212014_141025.log
  3. Sorry, I have already 'restored' the system to its factory original state via the Dell restore partition. Currently reinstalling everything and bringing Windows back up-to-date with all the SP2 and updates. Thanks
  4. Maniac, thanks for your help; however, nothing we tried was working. For the life of me I couldn't get Combo to run. I've also noticed some issues with the User Profile Service not loading properly on restarts. In lieu of wasting any more time, I opted to do a complete system restore (after backing up the documents necessary). Thanks again
  5. Thanks, I had already done that. Prior to coming here for help I had installed a few other programs to try and help get rid of the situation. This computer previously only had AVG Internet Security. I have since uninstalled EVERYTHING malware/antivirus related except for AVIRA Antivir and Malwarebytes. Malwarebytes repeatedly shows blocked IP messages if the computer is connected to the internet. I don't see any IE running in the Task Manager either. Last night I tried repeatedly to get Combofix to run. First I uninstalled Combofix (i.e., renamed the combo-fix.exe file to uninstall.exe and ran it). It said it uninstalled, although I still had a few 'Combo-Fix1134' (or some weird numbering) listed in My Computer/C drive. I think this was related to me trying Combofix multiple times and it hanging indefinitely. I ended up putting those in the recycling bin, restarting and redownloading Combofix to the desktop as Combo-Fix.exe. Last night it ran for +12 hours and it didn't budge from the screen stating it shouldn't take more than 10 minutes, but on infected it may take longer. **I have 'disabled' Malwarebytes protection, and disabled Avira protection prior to running Combofix. I also have Windows Defender turned off. I don't know why it will not run. Tried both in normal Windows logon and in Safe Mode. Get similar problems. Suggestions?
  6. Hello Borislav, I just realized I haven't really THANKED you for helping me with this. I do appreciate this!
  7. Here is the Extras.txt results: Extras.Txt
  8. Here is the OTL.txt results: OTL logfile created on: 5/27/2010 2:54:39 PM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Donna Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99.20 Gb Total Space | 24.10 Gb Free Space | 24.29% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 6.02 Gb Free Space | 60.24% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1.92 Gb Total Space | 1.92 Gb Free Space | 99.74% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DONNA-INSPIRON Current User Name: Jason Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Donna\OTL.exe (OldTimer Tools) PRC - C:\Donna\OTH.scr (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.) PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) ========== Modules (SafeList) ========== MOD - C:\Donna\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.) 
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) 
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BusRMUSB) -- C:\Windows\System32\drivers\BusRMUSB.sys (Windows ® Server 2003 DDK provider)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1080326
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1080326
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1080326
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 23:08:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/20 23:08:38 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\Windows\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\Windows\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Windows\Compaq.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Compaq.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/04/13 11:46:56 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 01:46:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/27 01:23:47 | 000,000,000 | ---D | C] -- C:\Donna
[2010/05/27 01:21:51 | 000,000,000 | ---D | C] -- C:\AVG8
[2010/05/27 01:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\VirtualStore
[2010/05/27 01:12:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Donna
[2010/05/24 00:01:09 | 000,000,000 | -HSD | C] -- C:\%APPDATA%
[2010/05/23 21:11:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Avira
[2010/05/23 20:56:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/05/23 20:56:15 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/05/23 20:56:15 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/05/23 20:56:15 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/05/23 20:56:15 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/05/23 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/23 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/23 19:47:53 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/05/23 19:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/05/23 19:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Adobe
[2010/05/23 19:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\HPAppData
[2010/05/23 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\SysProt
[2010/05/23 18:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/23 18:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/05/23 18:48:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Macromedia
[2010/05/23 14:55:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/23 14:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
[2010/05/23 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple
[2010/05/23 13:57:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe
[2010/05/23 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\AVG8
[2010/05/23 13:55:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Apple Computer
[2010/05/23 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\HotSync
[2010/05/23 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple Computer
[2010/05/23 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Palm OS Desktop
[2010/05/23 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\LogMeIn
[2010/05/23 13:55:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\MediaDirect
[2010/05/23 13:55:26 | 000,000,000 | R--D | C] -- C:\Users\Jason\Searches
[2010/05/23 13:55:13 | 000,000,000 | R--D | C] -- C:\Users\Jason\Contacts
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Local\Temporary Internet Files
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Templates
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Start Menu
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\SendTo
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Recent
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\PrintHood
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\NetHood
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Documents\My Videos
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Documents\My Pictures
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Documents\My Music
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\My Documents
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Local Settings
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Local\History
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Cookies
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Application Data
[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Local\Application Data
[2010/05/23 13:54:55 | 000,000,000 | --SD | C] -- C:\Users\Jason\AppData\Roaming\Microsoft
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Videos
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Saved Games
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Pictures
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Music
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Links
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Favorites
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Downloads
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Documents
[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Desktop
[2010/05/23 13:54:55 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Temp
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Symantec
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Spearit
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My eBooks
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Microsoft
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Media Center Programs
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\InterTrust
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Identities
[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\ApplicationHistory
[2010/05/23 02:33:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/23 02:30:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/23 02:30:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/23 02:30:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/23 02:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/23 02:19:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/23 01:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/23 01:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/23 01:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/23 01:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/23 00:26:35 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/05/23 00:00:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 00:00:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/17 21:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/17 21:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/17 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 30 Days ==========

[2010/05/27 14:57:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FF8DE090-9FAF-4A72-B7A3-AEDBFCDEAF5A}.job
[2010/05/27 14:56:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{45318DA4-9B90-4122-960C-A4279EDC28E8}.job
[2010/05/27 14:53:37 | 001,835,008 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT
[2010/05/27 14:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/27 01:40:37 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/27 01:40:37 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/27 01:40:37 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/27 01:20:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/27 01:20:11 | 000,003,568 | -H-- | M] () --
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/05/27 01:20:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/05/27 01:19:56 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys [2010/05/27 01:19:55 | 463,071,549 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/05/27 01:05:08 | 003,699,815 | ---- | M] () -- C:\Users\Jason\Desktop\Combo-Fix.exe [2010/05/27 01:03:02 | 000,132,096 | ---- | M] () -- C:\Users\Jason\Desktop\RootRepeal.exe [2010/05/26 22:04:33 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010/05/26 21:37:54 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/05/26 21:37:54 | 000,065,536 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/05/23 21:06:14 | 060,315,615 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010/05/23 20:56:31 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010/05/23 19:51:13 | 003,264,536 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db [2010/05/23 18:56:13 | 000,000,814 | ---- | M] () -- C:\Users\Jason\Desktop\SpywareBlaster.lnk [2010/05/23 15:44:19 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010/05/23 14:00:11 | 000,000,000 | ---- | M] () -- C:\Users\Jason\defogger_reenable [2010/05/23 13:59:34 | 000,050,477 | ---- | M] () -- C:\Users\Jason\Desktop\Defogger.exe [2010/05/23 13:55:31 | 000,084,976 | ---- | M] () -- C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT [2010/05/23 13:54:57 | 000,000,020 | -HS- | M] () -- C:\Users\Jason\ntuser.ini [2010/05/23 02:29:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010/05/23 02:29:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2010/05/23 02:29:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010/05/23 02:29:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010/05/23 01:18:45 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk [2010/05/23 00:00:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/02 14:09:27 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg [2010/05/02 14:09:27 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg [2010/05/02 14:09:27 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2010/04/30 22:48:11 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/28 18:23:07 | 000,338,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010/05/27 01:19:55 | 463,071,549 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/05/27 01:12:09 | 003,699,815 | ---- | C] () -- C:\Users\Jason\Desktop\Combo-Fix.exe [2010/05/27 01:12:09 | 000,132,096 | ---- | C] () -- C:\Users\Jason\Desktop\RootRepeal.exe [2010/05/26 22:01:03 | 3747,655,680 | -HS- | C] () -- C:\hiberfil.sys [2010/05/23 20:56:31 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010/05/23 18:56:13 | 000,000,814 | ---- | C] () -- C:\Users\Jason\Desktop\SpywareBlaster.lnk [2010/05/23 14:00:11 | 000,000,000 | ---- | C] () -- C:\Users\Jason\defogger_reenable [2010/05/23 13:59:29 | 000,050,477 | ---- | C] () -- C:\Users\Jason\Desktop\Defogger.exe [2010/05/23 13:57:21 | 000,000,422 | -H-- | C] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{FF8DE090-9FAF-4A72-B7A3-AEDBFCDEAF5A}.job [2010/05/23 13:54:57 | 000,000,020 | -HS- | C] () -- C:\Users\Jason\ntuser.ini [2010/05/23 13:54:55 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010/05/23 13:54:55 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/05/23 13:54:55 | 000,262,144 | -H-- | C] () -- C:\Users\Jason\ntuser.dat.LOG1 [2010/05/23 13:54:55 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/05/23 13:54:55 | 000,000,000 | -H-- | C] () -- C:\Users\Jason\ntuser.dat.LOG2 [2010/05/23 13:54:54 | 001,835,008 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT [2010/05/23 02:26:39 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{45318DA4-9B90-4122-960C-A4279EDC28E8}.job [2010/05/23 01:18:45 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk [2010/05/23 00:00:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/11 22:21:33 | 001,339,392 | ---- | C] () -- C:\Windows\System32\HPBCFGRE.DLL [2010/01/11 22:21:33 | 000,094,274 | ---- | C] () -- C:\Windows\System32\hpbhealr.dll [2010/01/11 22:21:33 | 000,006,176 | ---- | C] () -- C:\Windows\System32\HPBFXMMA.DLL [2010/01/11 22:21:33 | 000,006,016 | ---- | C] () -- C:\Windows\System32\hpbmint.dll [2009/09/07 01:30:02 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/08 13:39:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008/04/27 16:27:29 | 000,008,704 | ---- | C] () -- C:\Windows\rmubcntl.dll [2008/04/27 16:27:29 | 000,007,680 | ---- | C] () -- C:\Windows\cvnet05.dll [2008/04/27 16:27:29 | 000,000,090 | ---- | C] () -- C:\Windows\PsLink.ini [2008/04/13 02:02:19 | 
001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008/04/13 02:02:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008/04/13 02:02:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008/03/26 16:33:31 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008/03/26 16:33:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2008/03/26 16:33:31 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008/03/26 16:33:25 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008/03/26 08:56:05 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2007/04/09 19:35:52 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll [2007/04/08 13:21:42 | 000,000,070 | ---- | C] () -- C:\Windows\netctrl.ini [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005/10/26 16:49:13 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI [2004/12/28 17:40:37 | 000,027,422 | ---- | C] () -- C:\Windows\cdPlayer.ini [2004/05/15 18:27:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ati2evxx.dll [2004/02/21 03:23:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2004/02/21 02:35:22 | 000,000,242 | ---- | C] () -- C:\Windows\qwimp.ini [2004/02/21 02:32:22 | 000,000,431 | ---- | C] () -- C:\Windows\intuprof.ini [2004/02/21 02:31:51 | 000,000,774 | ---- | C] () -- C:\Windows\QUICKEN.INI [2003/05/16 17:08:24 | 000,077,824 | ---- | C] () -- C:\Windows\System32\SynTPCoI.dll [2003/05/16 16:57:10 | 000,000,844 | ---- | C] () -- C:\Windows\orun32.ini [2002/12/31 05:00:00 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002/09/09 08:15:50 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini ========== LOP Check ========== 
[2010/05/23 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HotSync [2008/04/11 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\InterTrust [2008/04/11 19:47:11 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Spearit [2010/05/26 22:01:13 | 000,000,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/05/27 14:56:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{45318DA4-9B90-4122-960C-A4279EDC28E8}.job [2010/05/27 14:57:21 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FF8DE090-9FAF-4A72-B7A3-AEDBFCDEAF5A}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2005/11/20 14:39:26 | 000,003,954 | ---- | M] () -- C:\additdiag.txt [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2008/03/26 16:33:38 | 000,004,641 | RH-- | M] () -- C:\dell.sdr [2010/05/27 01:19:56 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys [2008/08/30 22:07:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/08/30 22:07:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/03/26 08:56:00 | 000,022,729 | ---- | M] () -- C:\newfile.enc [2008/03/26 08:56:00 | 000,022,729 | ---- | M] () -- C:\newkey [2004/12/29 13:18:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004/12/29 13:18:58 | 000,250,032 | RHS- | M] () -- C:\ntldr [2010/05/27 01:19:55 | 4061,261,824 | -HS- | M] () -- C:\pagefile.sys [2010/05/27 02:10:15 | 000,060,198 | ---- | M] () -- C:\RootRepeal report 05-27-10 (02-10-14).txt < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2007/12/11 23:01:24 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll [2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\drivers\*.sys /90 > [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > OTL.txt
  9. Hello, I've actually tried to run Combo-Fix several times on this computer in normal bootup and safe mode. Pretty much both times I get the warning, then it does a backup of some registry, then it pops up the blue DOS window and gets to the point where it says it's trying to make a restore point. It will just hang there. I've left it for hours, nothing. Had to close it both times. Frustrated, I tried to run that RootRepeal again, but constantly got the BSOD and restart on my computer. I googled "RootRepeal.exe bsod" and turned up the link to the RootRepeal home site that showed back on version 1.02 they fixed a BSOD problem when it started scanning. I figured that the link you were sending me to was an old version. I downloaded the latest version (v1.3.5) from here: http://ad13.geekstogo.com/RootRepeal.rar and let that run overnight: see attached Rootrepeal.txt **I have uninstalled all of the Adobe Acrobat stuff you requested. RootRepeal.txt
  10. Sorry for the delay, here is my full GMER.log
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV40I.GPD 320 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV45.GPD 315 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0320T.GPD 57966 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0320T.XML 54773 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0330T.GPD 1368 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0330T.XML 56407 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0370T.GPD 55967 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0370T.XML 54773 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0380T.XML 56396 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP03X0T.GPD 76334 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0420T.GPD 75908 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0420T.XML 56128 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0470T.GPD 85657 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0470T.XML 58584 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP1160T.GPD 268837 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP1160T.XML 106998 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP2570T.GPD 299051 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP2570T.XML 126318 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7200T.GPD 1384 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7200T.XML 95553 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7400T.GPD 1384 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7400T.XML 95675 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7800T.GPD 1371 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7800T.XML 110020 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP78X0T.GPD 317684 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8000T.GPD 1371 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8000T.XML 110700 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8100T.GPD 1439 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8100T.XML 123866 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8200T.GPD 350850 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8200T.XML 153674 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8400T.GPD 1441 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8400T.XML 124486 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8700T.GPD 433689 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8700T.XML 69364 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8X00T.GPD 312506 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0330.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0380.EXP 101132 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0420.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0470.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH1500.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH3100.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH3300.EXP 101168 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH7800.EXP 108282 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8000.EXP 108247 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8100.EXP 108247 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8200.EXP 115808 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8400.EXP 108247 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV600AL.DLL 506368 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV700AL.DLL 652800 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV800AL.DLL 532992 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV820AL.DLL 615936 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV880AL.DLL 759296 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDB720.DLL 175616 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDB820.DLL 195584 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ200.HLP 11494 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ50.INI 138 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ610.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ612.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ660.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ66E.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ67X.GPD 13836 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ690.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ691.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ693.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ694.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ695.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ697.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ69X.GPD 31491 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ6XX.GPD 16439 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ710.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ720.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ7XX.GPD 22140 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ812.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ815.GPD 317 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ82E.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ82X.GPD 19632 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ870.GPD 279 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87E.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87I.GPD 283 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87X.GPD 29179 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ882.GPD 317 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89E.GPD 322 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89I.GPD 322 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89X.GPD 40316 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVIMG50.DLL 2572288 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVNAM50.GPD 17612 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVSCP50.DLL 196096 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVUD50.DLL 90624 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVUI50.DLL 136704 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW0460T.GPD 425242 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW0460T.XML 102683 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1000T.GPD 152124 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1200T.GPD 
347500 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1200T.XML 78563 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1B83L.GPD 167083 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1B83L.XML 83449 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1QI3L.GPD 167345 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1QI3L.XML 83449 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1RC3L.GPD 167068 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1RC3L.XML 83449 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW2BC6L.GPD 58997 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW2BC6L.XML 13104 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW9800T.GPD 506852 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW9800T.XML 134909 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWH0460.CFG 111785 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWH9800.CFG 146697 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK550T.GPD 179396 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK550T.XML 80612 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK850T.GPD 238453 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM50AL.DLL 561152 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5100.GPD 21064 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5112.GPD 
49629 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5122.GPD 51621 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5125.GPD 49613 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5225.GPD 45775 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5350.GPD 10528 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM535M.GPD 9474 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5CON.INI 138 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5DB1.DLL 195584 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWMACRO.GPD 3919 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3ALHN.DLL 1515520 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3CLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3LLHN.DLL 30208 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3MLHN.GPD 107765 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3RLHN.DLL 1253888 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ5CLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6CLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6MLHN.GPD 14955 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6RLHN.DLL 283648 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZENLHN.CHM 139889 bytes File 
C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZEVLHN.DLL 365568 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZFNLHN.NTF 52340 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIDR12.DLL 53248 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZINW12.DLL 43008 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPM12.DLL 52736 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPR12.DLL 37376 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPT12.DLL 34304 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZISN12.DLL 20992 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLALHN.DLL 4930560 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLELHN.DLL 663552 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLLLHN.DLL 37376 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLSLHN.DLL 1267200 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZPPLHN.DLL 89600 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZPRLHN.DLL 79872 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSCLHN.DTD 4694 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSCLHN.INI 164 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSMLHN.GPD 101343 bytes File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSRLHN.DLL 132096 bytes 
executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSSLHN.DLL 562176 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSTLHN.DLL 3447808 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZUILHN.DLL 2725376 bytes executable File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HP_3P522.PPD 13380 bytes ---- EOF - GMER 1.0.15 ----
  11. Each time I try to log in now, I am getting a 'failed to connect to user profile service.....' balloon in the lower right... The desktop is missing the GMER and other programs that I just downloaded to it...???
  12. Tried running rootrepeal several times... All times caused the system to restart. I also got a profile error on restart and the new user profile I made earlier is now messed up? Here are the errors:

      Problem signature:
      Problem Event Name: BlueScreen
      OS Version: 6.0.6002.2.2.0.768.3
      Locale ID: 1033

      Additional information about the problem:
      BCCode: 19
      BCP1: 00000020
      BCP2: 8A1AB638
      BCP3: 8A1ABA40
      BCP4: 08810094
      OS Version: 6_0_6002
      Service Pack: 2_0
      Product: 768_1

      Files that help describe the problem:
      C:\Windows\Minidump\Mini052310-02.dmp
      C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER-65114-0.sysdata.xml
      C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER311D.tmp.version.txt

      Read our privacy statement: http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409
  13. Okay, here is the GMER log (when I ran it without the C: drive checked, it actually finished then), see attached. I'll post the rootrepeal log as soon as it has finished. GMER.txt
  14. Hello Borislav, I downloaded GMER and tried to scan... By default the 'Files' and the 'C' drive are checked. It started scanning, then it just disappeared. Do I need to run this program and uncheck the 'files' and 'C' drive to get it to run properly?
  15. Also, I forgot to mention, that prior to running this ESET online scanner, I downloaded the Defogger.exe (as referenced here in the forums) and disabled CD emulator drivers (maybe that is why eset is finding stuff now)?
  16. Hello, Got a Vista computer here that we've been having issues with. Tried running malwarebytes and full AVG scans, but no luck. After one of the restarts, the profile no longer started (ie: we got user profile logon errors, and the system started in a basic profile). Needless to say none of my icons, docs, etc were there because it wasn't logging into my profile. I've installed and run superantispyware also and it actually detected a c:/windows/mbr.exe file and was able to remove it (malwarebytes didn't find that). I have since made a new user account and logged into that as with the original account, I got repeated: "C:\windows\system32\config desktop is not accessible access is denied" whenever I tried to do anything in that account (whether it was opening explorer, trying to run a command, etc....) Similar to what this person referred to: http://forums.malwarebytes.org/index.php?s...st&p=139709 (post #2) I've attached my latest MBAM log (quick scan) and DDM logs. I am currently scanning with ESET Online Scanner (partially done and it has found 3 threats so far = variant of WIN32/Agent trojan, Unknown NewHeur_PE virus, and multiple threats). Can someone help me get this resolved! Please? Thanks Sands mbam_log_2010_05_23__14_32_18_.txt Attach.txt DDS.txt