Jump to content

IE-redirect, User Profile login error, Windows files not accessible (access denied)


Recommended Posts

Hello,

Got a Vista computer here that we've been having issues with. Tried running malwarebytes and full AVG scans, but no luck. After one of the restarts, the profile no longer started (ie: we got user profile logon errors, and the system started in a basic profile). Needless to say none of my icons, docs, etc where there because it wasn't logging into my profile.

I've installed and ran superantispyware also and it actually detected a c:/windows/mbr.exe file and was able to remove it (malwarebytes didn't find that).

I have since made a new user account and logged into that as with the original account, I got repeated: "C:\windows\system32\config desktop is not accessible access is denied" whenever I tried to do anything in that account (wheter it was opening explorer, trying to run a command, etc....)

Similar to what this person refered to: http://forums.malwarebytes.org/index.php?s...st&p=139709 (post #2)

I've attached my latest MBAM log (quick scan) and DDM logs.

I am currently scanning with ESET Online Scanner (partially done and it has found 3 threats so far = variant of WIN32/Agent trojan, Unknow NewHeur_PE virus, and multiple threats).

Can someone help me get this resolved! Please?

Thanks

Sands

mbam_log_2010_05_23__14_32_18_.txt

Attach.txt

DDS.txt

Link to post
Share on other sites

Hello sandsrfr! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

Link to post
Share on other sites

Hello Borislav,

I downloaded GMER and tryed too scan... By default the 'Files' and the 'C' drive are checked. It started scanning, then it just disappeared.

Do I need to run this program and uncheck the 'files' and 'C' drive to get it to run properly?

Link to post
Share on other sites

No, they should be checked. Let's try with this tool:

Download RootRepeal Beta on your desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:

    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services

    [*]Click the OK button

    [*]In the next dialog, select all drives showing

    [*]Click OK to start the scan

    Note: The scan can take some time.
    DO NOT
    run any other programs while the scan is running

    [*]When the scan is complete, the Save Report button will become available

    [*]Click this and save the report to your Desktop as RootRepeal.txt

    [*]Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

Link to post
Share on other sites

Tried running rootrepeal several times... All times caused the system to restart. I also got a profile error on restart and the new user profile I made earlier is now messed up?

Here is the errors:

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 1033

Additional information about the problem:

BCCode: 19

BCP1: 00000020

BCP2: 8A1AB638

BCP3: 8A1ABA40

BCP4: 08810094

OS Version: 6_0_6002

Service Pack: 2_0

Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\Mini052310-02.dmp

C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER-65114-0.sysdata.xml

C:\Windows\System32\config\systemprofile\AppData\Local\Temp\WER311D.tmp.version.txt

Read our privacy statement:

http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

Link to post
Share on other sites

This program is JUNK!!! It does nothing but restart the computer immediately!

No, they should be checked. Let's try with this tool:

Download RootRepeal Beta on your desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:

    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services

    [*]Click the OK button

    [*]In the next dialog, select all drives showing

    [*]Click OK to start the scan

    Note: The scan can take some time.
    DO NOT
    run any other programs while the scan is running

    [*]When the scan is complete, the Save Report button will become available

    [*]Click this and save the report to your Desktop as RootRepeal.txt

    [*]Go to File, then Exit to close the program

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

Link to post
Share on other sites

Thanks!

Step 1

Please, uninstall the following applications:

  1. Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
  2. Adobe Reader 8.1.2
  3. Adobe Reader 8.1.2 Security Update 1 (KB403742)

You can read, how to this in:

Step 2

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

In your next reply, please include these log(s) in this sequence:

  1. ComboFix log

Link to post
Share on other sites

Sorry for the delay, here is my full GMER.log

GMER 1.0.15.15281 -

Rootkit scan 2010-05-27 00:52:57

Windows 6.0.6002 Service Pack 2

Running: mbdwdsbt.exe; Driver: C:\Users\Jason\AppData\Local\Temp\kflyrkob.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Jason\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtProtectVirtualMemory 77374D34 5 Bytes JMP 0070000A

.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtWriteVirtualMemory 77375674 5 Bytes JMP 0083000A

.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!KiUserExceptionDispatcher 77375DC8 5 Bytes JMP 006F000A

.text C:\Windows\system32\svchost.exe[1256] ole32.dll!CoCreateInstance 77219EA6 5 Bytes JMP 00B3000A

.text C:\Windows\system32\svchost.exe[1256] USER32.dll!GetCursorPos 774F0B88 5 Bytes JMP 00CB000A

.text C:\Windows\Explorer.EXE[3916] ntdll.dll!NtProtectVirtualMemory 77374D34 5 Bytes JMP 008D000A

.text C:\Windows\Explorer.EXE[3916] ntdll.dll!NtWriteVirtualMemory 77375674 5 Bytes JMP 008E000A

.text C:\Windows\Explorer.EXE[3916] ntdll.dll!KiUserExceptionDispatcher 77375DC8 5 Bytes JMP 008C000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[watchdog.sys!WdMadeAnyProgress] [8FEF17D5] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[watchdog.sys!WdCompleteEvent] [8FEF20D6] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[watchdog.sys!WdGetLowestDeviceObject] [8FEF204A] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[watchdog.sys!WdGetDeviceObject] [8FEF2016] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[watchdog.sys!WdGetLastEvent] [8FEF2036] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdEnterMonitoredSection] [8FEF180F] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdExitMonitoredSection] [8FEF188B] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdFreeDeferredWatchdog] [8FEF6014] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdStopDeferredWatch] [8FEF1972] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdStartDeferredWatch] [8FEF16E1] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdAllocateDeferredWatchdog] [8FEF5F7A] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdSuspendDeferredWatch] [8FEF1763] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

IAT \SystemRoot\System32\win32k.sys[watchdog.sys!WdResumeDeferredWatch] [8FEF1773] \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74437817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7448A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7443BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7442F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7442E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74468395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7443DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7442FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7442FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [744BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7445C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7442D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74426853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7442687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3916] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74432AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396

ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOJR45.GPD 276 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1310T.GPD 1412 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2300T.GPD 250939 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO3X00T.GPD 327671 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO6200T.GPD 1383 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOEMUI.DLL 49152 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJG55.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0380T.GPD 1368 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7X00T.GPD 238981 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH3200.EXP 101168 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ615.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ82I.GPD 283 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1000T.XML 80239 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK850T.XML 93809 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ5RLHN.DLL 161792 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOJR4I.GPD 280 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOJR60.GPD 276 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOJR65.GPD 276 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOJR80.GPD 276 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOJR8I.GPD 280 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOJRX.GPD 38891 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOPY.GPD 57912 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMOPYUI.INI 93 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPMPSC50.GPD 264 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO0410T.GPD 203643 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO0410T.XML 29330 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1100T.GPD 1397 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1100T.XML 29316 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1200T.GPD 1398 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1200T.XML 29305 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1300T.GPD 1412 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1300T.XML 40831 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1310T.XML 41241 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO13X0T.GPD 118671 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1400T.GPD 108605 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1400T.XML 104844 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1500T.GPD 302109 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1500T.XML 121302 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1600T.GPD 1373 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1600T.XML 113257 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO1X00T.GPD 68883 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2100T.GPD 265344 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2100T.XML 70400 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2150T.GPD 265344 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2150T.XML 70400 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2170T.GPD 265344 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2170T.XML 70398 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2200T.GPD 265344 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2200T.XML 70400 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2300T.XML 68902 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2350T.GPD 1374 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2350T.XML 113256 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2400T.GPD 250939 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2400T.XML 68904 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2500T.GPD 250939 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2500T.XML 68902 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2600T.GPD 1149 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2600T.XML 128697 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2700T.GPD 1151 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO2700T.XML 127483 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO3100T.GPD 1367 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO3100T.XML 139527 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO3200T.GPD 1367 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO3200T.XML 139527 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO3300T.GPD 1367 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO3300T.XML 139527 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4100T.GPD 1416 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4100T.XML 30383 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4105T.GPD 1410 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4105T.XML 41776 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO410XT.GPD 92880 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4200T.GPD 114603 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4200T.XML 82939 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4300T.GPD 91387 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4300T.XML 89154 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4PG3L.GPD 213074 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO4PG3L.XML 78836 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO5500T.GPD 137134 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO5500T.XML 62640 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO5600T.GPD 120343 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO5600T.XML 91177 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO5H83L.GPD 181901 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO5H83L.XML 26279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO6200T.XML 114923 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\hpo63000.icc 113384 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\hpo63001.icc 113384 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\hpo63002.icc 177652 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\hpo63003.icc 113392 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\hpo63004.icc 113392 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\hpo63005.icc 547724 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO6300T.GPD 268035 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO6300T.XML 117211 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO6X00T.GPD 273569 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO7200T.GPD 1148 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO7200T.XML 127508 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO7300T.GPD 1148 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO7300T.XML 127498 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO7400T.GPD 1148 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO7400T.XML 127426 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPO7X00T.GPD 377252 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOF300T.GPD 91229 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOF300T.XML 89082 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOGDS3L.GPD 151839 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOGDS3L.XML 26679 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOH3550.EXP 32459 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOH5500.EXP 32459 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ1600.CFG 107372 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ2600.CFG 107372 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ2700.CFG 107372 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ6200.CFG 107372 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ720.GPD 303 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ7200.CFG 107372 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ7300.CFG 107372 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ7400.CFG 107372 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ750.GPD 303 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ750I.GPD 312 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ920.GPD 303 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJ950.GPD 303 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJG55I.GPD 320 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJG85.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJG85I.GPD 320 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJG95.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJK60.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJK60I.GPD 320 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJK80.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJK80I.GPD 320 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV30.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV40.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV40I.GPD 320 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPOJV45.GPD 315 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0320T.GPD 57966 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0320T.XML 54773 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0330T.GPD 1368 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0330T.XML 56407 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0370T.GPD 55967 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0370T.XML 54773 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0380T.XML 56396 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP03X0T.GPD 76334 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0420T.GPD 75908 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0420T.XML 56128 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0470T.GPD 85657 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP0470T.XML 58584 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP1160T.GPD 268837 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP1160T.XML 106998 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP2570T.GPD 299051 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP2570T.XML 126318 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7200T.GPD 1384 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7200T.XML 95553 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7400T.GPD 1384 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7400T.XML 95675 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7800T.GPD 1371 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP7800T.XML 110020 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP78X0T.GPD 317684 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8000T.GPD 1371 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8000T.XML 110700 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8100T.GPD 1439 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8100T.XML 123866 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8200T.GPD 350850 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8200T.XML 153674 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8400T.GPD 1441 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8400T.XML 124486 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8700T.GPD 433689 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8700T.XML 69364 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPP8X00T.GPD 312506 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0330.EXP 101168 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0380.EXP 101132 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0420.EXP 101168 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH0470.EXP 101168 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH1500.EXP 101168 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH3100.EXP 101168 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH3300.EXP 101168 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH7800.EXP 108282 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8000.EXP 108247 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8100.EXP 108247 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8200.EXP 115808 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPPH8400.EXP 108247 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV600AL.DLL 506368 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV700AL.DLL 652800 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV800AL.DLL 532992 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV820AL.DLL 615936 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPV880AL.DLL 759296 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDB720.DLL 175616 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDB820.DLL 195584 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ200.HLP 11494 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ50.INI 138 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ610.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ612.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ660.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ66E.GPD 283 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ67X.GPD 13836 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ690.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ691.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ693.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ694.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ695.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ697.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ69X.GPD 31491 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ6XX.GPD 16439 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ710.GPD 317 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ720.GPD 317 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ7XX.GPD 22140 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ812.GPD 317 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ815.GPD 317 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ82E.GPD 283 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ82X.GPD 19632 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ870.GPD 279 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87E.GPD 283 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87I.GPD 283 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ87X.GPD 29179 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ882.GPD 317 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89E.GPD 322 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89I.GPD 322 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVDJ89X.GPD 40316 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVIMG50.DLL 2572288 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVNAM50.GPD 17612 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVSCP50.DLL 196096 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVUD50.DLL 90624 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPVUI50.DLL 136704 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW0460T.GPD 425242 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW0460T.XML 102683 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1000T.GPD 152124 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1200T.GPD 347500 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1200T.XML 78563 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1B83L.GPD 167083 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1B83L.XML 83449 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1QI3L.GPD 167345 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1QI3L.XML 83449 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1RC3L.GPD 167068 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW1RC3L.XML 83449 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW2BC6L.GPD 58997 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW2BC6L.XML 13104 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW9800T.GPD 506852 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPW9800T.XML 134909 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWH0460.CFG 111785 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWH9800.CFG 146697 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK550T.GPD 179396 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK550T.XML 80612 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWK850T.GPD 238453 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM50AL.DLL 561152 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5100.GPD 21064 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5112.GPD 49629 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5122.GPD 51621 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5125.GPD 49613 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5225.GPD 45775 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5350.GPD 10528 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM535M.GPD 9474 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5CON.INI 138 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWM5DB1.DLL 195584 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPWMACRO.GPD 3919 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3ALHN.DLL 1515520 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3CLHN.INI 164 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3LLHN.DLL 30208 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3MLHN.GPD 107765 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ3RLHN.DLL 1253888 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ5CLHN.INI 164 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6CLHN.INI 164 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6MLHN.GPD 14955 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZ6RLHN.DLL 283648 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZENLHN.CHM 139889 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZEVLHN.DLL 365568 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZFNLHN.NTF 52340 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIDR12.DLL 53248 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZINW12.DLL 43008 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPM12.DLL 52736 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPR12.DLL 37376 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZIPT12.DLL 34304 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZISN12.DLL 20992 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLALHN.DLL 4930560 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLELHN.DLL 663552 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLLLHN.DLL 37376 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZLSLHN.DLL 1267200 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZPPLHN.DLL 89600 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZPRLHN.DLL 79872 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSCLHN.DTD 4694 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSCLHN.INI 164 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSMLHN.GPD 101343 bytes

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSRLHN.DLL 132096 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSSLHN.DLL 562176 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZSTLHN.DLL 3447808 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HPZUILHN.DLL 2725376 bytes executable

File C:\Windows\System32\DriverStore\FileRepository\prnhp001.inf_5641fa75\I386\HP_3P522.PPD 13380 bytes

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Hello,

I've actually tried to run Combo-Fix several times on this computer in normal bootup and safe mode. Pretty much both time I get the warning, then it does a backup of some registry, then it pops up the blue dos window and gets to the point where it says its trying to make a restore point. It will just hang there.. I've left it for hours, nothing. Had to close it both times.

Frustrated, I tried to run that rootrepeal again, but constantly got the BSOD and restart on mycomputer. I googled "RootRepeal.exe bsod" and turned up the link to the rootrepeal home site that showed back on version 1.02 they fixed a BSOD problem when it started scanning. I figured that the link you were sending me to was an old version. I downloaded the latest version (v1.3.5) from here: http://ad13.geekstogo.com/RootRepeal.rar and let that run overnight: see attached Rootrepeal.txt

**I have uninstalled all of the Adobe acrobat stuff you requested.

Thanks!

Now follow my last instructions.

RootRepeal.txt

Link to post
Share on other sites

  • Please download OTH.scr to your desktop.
  • Download OTL to your desktop.
  • Double click the OTH file and select Kill All Processes, your desktop will go blank
    OTH_Main.jpg
    Then select Start OTL OTL will now run
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

Here is the OTL.txt results:

OTL logfile created on: 5/27/2010 2:54:39 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Donna

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 99.20 Gb Total Space | 24.10 Gb Free Space | 24.29% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.02 Gb Free Space | 60.24% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 1.92 Gb Total Space | 1.92 Gb Free Space | 99.74% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DONNA-INSPIRON

Current User Name: Jason

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Donna\OTL.exe (OldTimer Tools)

PRC - C:\Donna\OTH.scr (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)

PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

========== Modules (SafeList) ==========

MOD - C:\Donna\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)

DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (BusRMUSB) -- C:\Windows\System32\drivers\BusRMUSB.sys (Windows ® Server 2003 DDK provider)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/01 23:08:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/20 23:08:38 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe File not found

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [WinCalendar] C:\Program Files\Sapro Systems WinCalendar\WinCalendar_SysTray.exe (Sapro Systems)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
(Windows Genuine Advantage Validation Tool)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}
(Office Update Installation Engine)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
(OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
(Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
(Reg Error: Key error.)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
(ActiveScan 2.0 Installer Class)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}
(Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
(Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
(Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\Windows\System32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\Windows\System32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\System32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Windows\Compaq.bmp

O24 - Desktop BackupWallPaper: C:\Windows\Compaq.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2008/04/13 11:46:56 | 000,000,000 | ---D | M]

NetSvcs: Nla - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/27 01:46:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/05/27 01:23:47 | 000,000,000 | ---D | C] -- C:\Donna

[2010/05/27 01:21:51 | 000,000,000 | ---D | C] -- C:\AVG8

[2010/05/27 01:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\VirtualStore

[2010/05/27 01:12:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\Donna

[2010/05/24 00:01:09 | 000,000,000 | -HSD | C] -- C:\%APPDATA%

[2010/05/23 21:11:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Avira

[2010/05/23 20:56:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010/05/23 20:56:15 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/05/23 20:56:15 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/05/23 20:56:15 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010/05/23 20:56:15 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010/05/23 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/05/23 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/05/23 19:47:53 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2010/05/23 19:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2010/05/23 19:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Adobe

[2010/05/23 19:24:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\HPAppData

[2010/05/23 19:13:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\SysProt

[2010/05/23 18:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/05/23 18:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2010/05/23 18:48:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Macromedia

[2010/05/23 14:55:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com

[2010/05/23 14:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes

[2010/05/23 14:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple

[2010/05/23 13:57:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Adobe

[2010/05/23 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\AVG8

[2010/05/23 13:55:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Apple Computer

[2010/05/23 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\HotSync

[2010/05/23 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Apple Computer

[2010/05/23 13:55:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Palm OS Desktop

[2010/05/23 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\LogMeIn

[2010/05/23 13:55:40 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\MediaDirect

[2010/05/23 13:55:26 | 000,000,000 | R--D | C] -- C:\Users\Jason\Searches

[2010/05/23 13:55:13 | 000,000,000 | R--D | C] -- C:\Users\Jason\Contacts

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Local\Temporary Internet Files

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Templates

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Start Menu

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\SendTo

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Recent

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\PrintHood

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\NetHood

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Documents\My Videos

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Documents\My Pictures

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Documents\My Music

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\My Documents

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Local Settings

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Local\History

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Cookies

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\Application Data

[2010/05/23 13:54:57 | 000,000,000 | -HSD | C] -- C:\Users\Jason\AppData\Local\Application Data

[2010/05/23 13:54:55 | 000,000,000 | --SD | C] -- C:\Users\Jason\AppData\Roaming\Microsoft

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Videos

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Saved Games

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Pictures

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Music

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Links

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Favorites

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Downloads

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Documents

[2010/05/23 13:54:55 | 000,000,000 | R--D | C] -- C:\Users\Jason\Desktop

[2010/05/23 13:54:55 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Temp

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Symantec

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Spearit

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\My eBooks

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Microsoft

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Media Center Programs

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\InterTrust

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Identities

[2010/05/23 13:54:55 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\ApplicationHistory

[2010/05/23 02:33:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/05/23 02:30:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/05/23 02:30:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/05/23 02:30:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/05/23 02:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/05/23 02:19:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/05/23 01:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/05/23 01:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/05/23 01:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/05/23 01:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/05/23 00:26:35 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

[2010/05/23 00:00:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/05/23 00:00:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/05/17 21:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/17 21:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/05/17 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 30 Days ==========

[2010/05/27 14:57:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FF8DE090-9FAF-4A72-B7A3-AEDBFCDEAF5A}.job

[2010/05/27 14:56:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{45318DA4-9B90-4122-960C-A4279EDC28E8}.job

[2010/05/27 14:53:37 | 001,835,008 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT

[2010/05/27 14:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/27 01:40:37 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/05/27 01:40:37 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/05/27 01:40:37 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/05/27 01:20:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/27 01:20:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/27 01:20:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/27 01:19:56 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/27 01:19:55 | 463,071,549 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/05/27 01:05:08 | 003,699,815 | ---- | M] () -- C:\Users\Jason\Desktop\Combo-Fix.exe

[2010/05/27 01:03:02 | 000,132,096 | ---- | M] () -- C:\Users\Jason\Desktop\RootRepeal.exe

[2010/05/26 22:04:33 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/05/26 21:37:54 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/05/26 21:37:54 | 000,065,536 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/05/23 21:06:14 | 060,315,615 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/05/23 20:56:31 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/05/23 19:51:13 | 003,264,536 | -H-- | M] () -- C:\Users\Jason\AppData\Local\IconCache.db

[2010/05/23 18:56:13 | 000,000,814 | ---- | M] () -- C:\Users\Jason\Desktop\SpywareBlaster.lnk

[2010/05/23 15:44:19 | 000,524,288 | -HS- | M] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

[2010/05/23 14:00:11 | 000,000,000 | ---- | M] () -- C:\Users\Jason\defogger_reenable

[2010/05/23 13:59:34 | 000,050,477 | ---- | M] () -- C:\Users\Jason\Desktop\Defogger.exe

[2010/05/23 13:55:31 | 000,084,976 | ---- | M] () -- C:\Users\Jason\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/05/23 13:54:57 | 000,000,020 | -HS- | M] () -- C:\Users\Jason\ntuser.ini

[2010/05/23 02:29:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/05/23 02:29:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/05/23 02:29:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/05/23 02:29:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/05/23 01:18:45 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2010/05/23 00:00:27 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/02 14:09:27 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg

[2010/05/02 14:09:27 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

[2010/05/02 14:09:27 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2010/04/30 22:48:11 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/28 18:23:07 | 000,338,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/05/27 01:19:55 | 463,071,549 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/05/27 01:12:09 | 003,699,815 | ---- | C] () -- C:\Users\Jason\Desktop\Combo-Fix.exe

[2010/05/27 01:12:09 | 000,132,096 | ---- | C] () -- C:\Users\Jason\Desktop\RootRepeal.exe

[2010/05/26 22:01:03 | 3747,655,680 | -HS- | C] () -- C:\hiberfil.sys

[2010/05/23 20:56:31 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/05/23 18:56:13 | 000,000,814 | ---- | C] () -- C:\Users\Jason\Desktop\SpywareBlaster.lnk

[2010/05/23 14:00:11 | 000,000,000 | ---- | C] () -- C:\Users\Jason\defogger_reenable

[2010/05/23 13:59:29 | 000,050,477 | ---- | C] () -- C:\Users\Jason\Desktop\Defogger.exe

[2010/05/23 13:57:21 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{FF8DE090-9FAF-4A72-B7A3-AEDBFCDEAF5A}.job

[2010/05/23 13:54:57 | 000,000,020 | -HS- | C] () -- C:\Users\Jason\ntuser.ini

[2010/05/23 13:54:55 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

[2010/05/23 13:54:55 | 000,524,288 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/05/23 13:54:55 | 000,262,144 | -H-- | C] () -- C:\Users\Jason\ntuser.dat.LOG1

[2010/05/23 13:54:55 | 000,065,536 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/05/23 13:54:55 | 000,000,000 | -H-- | C] () -- C:\Users\Jason\ntuser.dat.LOG2

[2010/05/23 13:54:54 | 001,835,008 | -HS- | C] () -- C:\Users\Jason\NTUSER.DAT

[2010/05/23 02:26:39 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{45318DA4-9B90-4122-960C-A4279EDC28E8}.job

[2010/05/23 01:18:45 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

[2010/05/23 00:00:27 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/11 22:21:33 | 001,339,392 | ---- | C] () -- C:\Windows\System32\HPBCFGRE.DLL

[2010/01/11 22:21:33 | 000,094,274 | ---- | C] () -- C:\Windows\System32\hpbhealr.dll

[2010/01/11 22:21:33 | 000,006,176 | ---- | C] () -- C:\Windows\System32\HPBFXMMA.DLL

[2010/01/11 22:21:33 | 000,006,016 | ---- | C] () -- C:\Windows\System32\hpbmint.dll

[2009/09/07 01:30:02 | 000,667,136 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/08 13:39:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2008/04/27 16:27:29 | 000,008,704 | ---- | C] () -- C:\Windows\rmubcntl.dll

[2008/04/27 16:27:29 | 000,007,680 | ---- | C] () -- C:\Windows\cvnet05.dll

[2008/04/27 16:27:29 | 000,000,090 | ---- | C] () -- C:\Windows\PsLink.ini

[2008/04/13 02:02:19 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/04/13 02:02:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/04/13 02:02:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/03/26 16:33:31 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/03/26 16:33:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2008/03/26 16:33:31 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/03/26 16:33:25 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/03/26 08:56:05 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2007/04/09 19:35:52 | 000,022,528 | ---- | C] () -- C:\Windows\exeshl.dll

[2007/04/08 13:21:42 | 000,000,070 | ---- | C] () -- C:\Windows\netctrl.ini

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2005/10/26 16:49:13 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI

[2004/12/28 17:40:37 | 000,027,422 | ---- | C] () -- C:\Windows\cdPlayer.ini

[2004/05/15 18:27:54 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ati2evxx.dll

[2004/02/21 03:23:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2004/02/21 02:35:22 | 000,000,242 | ---- | C] () -- C:\Windows\qwimp.ini

[2004/02/21 02:32:22 | 000,000,431 | ---- | C] () -- C:\Windows\intuprof.ini

[2004/02/21 02:31:51 | 000,000,774 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2003/05/16 17:08:24 | 000,077,824 | ---- | C] () -- C:\Windows\System32\SynTPCoI.dll

[2003/05/16 16:57:10 | 000,000,844 | ---- | C] () -- C:\Windows\orun32.ini

[2002/12/31 05:00:00 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

[2002/09/09 08:15:50 | 000,000,061 | ---- | C] () -- C:\Windows\smscfg.ini

========== LOP Check ==========

[2010/05/23 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HotSync

[2008/04/11 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\InterTrust

[2008/04/11 19:47:11 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Spearit

[2010/05/26 22:01:13 | 000,000,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/05/27 14:56:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{45318DA4-9B90-4122-960C-A4279EDC28E8}.job

[2010/05/27 14:57:21 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FF8DE090-9FAF-4A72-B7A3-AEDBFCDEAF5A}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2005/11/20 14:39:26 | 000,003,954 | ---- | M] () -- C:\additdiag.txt

[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008/03/26 16:33:38 | 000,004,641 | RH-- | M] () -- C:\dell.sdr

[2010/05/27 01:19:56 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys

[2008/08/30 22:07:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/08/30 22:07:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/03/26 08:56:00 | 000,022,729 | ---- | M] () -- C:\newfile.enc

[2008/03/26 08:56:00 | 000,022,729 | ---- | M] () -- C:\newkey

[2004/12/29 13:18:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2004/12/29 13:18:58 | 000,250,032 | RHS- | M] () -- C:\ntldr

[2010/05/27 01:19:55 | 4061,261,824 | -HS- | M] () -- C:\pagefile.sys

[2010/05/27 02:10:15 | 000,060,198 | ---- | M] () -- C:\RootRepeal report 05-27-10 (02-10-14).txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2007/12/11 23:01:24 | 000,054,784 | ---- | M] ()
Unable to obtain MD5
-- C:\Windows\System32\bcmwlrmt.dll

[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5
-- C:\Windows\System32\rsaenh.dll

[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5
-- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

[2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL.txt

Link to post
Share on other sites

Here is the Extras.txt results:

OTL Extras logfile created on: 5/27/2010 2:54:39 PM - Run 1

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Donna

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 99.20 Gb Total Space | 24.10 Gb Free Space | 24.29% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.02 Gb Free Space | 60.24% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 1.92 Gb Total Space | 1.92 Gb Free Space | 99.74% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DONNA-INSPIRON

Current User Name: Jason

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallDisableNotify" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2361184803-1259109635-2461311832-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Airlink101\Airlink101 PS Software\PsLink.exe" = C:\Program Files\Airlink101\Airlink101 PS Software\PsLink.exe:*:Enabled:PsLink -- ()

"C:\Windows\PsMon.exe" = C:\Windows\PsMon.exe:*:Enabled:PsMonitor -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02E37763-2D83-4190-9934-026094157B29}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

"{04DF5A56-30C9-4C75-8A73-8F66247DA820}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{11DF76CE-9B7E-4E85-B51B-26B9C9EA6967}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner.exe |

"{22254ADB-2062-48A6-8A09-6EF12AB2C939}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{59EC45AD-8A8C-40AE-9F8F-267A68C58902}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |

"{5E7F3FA6-F288-4ED9-AB08-CB4FE4EE9FC9}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner.exe |

"{71A05E0C-C66B-40E6-87C8-17F2EF755E0F}" = dir=in | app=c:\program files\avg\avg8\avgam.exe |

"{72B3B4A9-FBB0-4E95-8949-E29154577F86}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{76A659DB-4068-46AD-9D89-8B37A5B0405A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{88D75288-1050-4603-9BB4-76627CFBF04D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{90245CD8-EE4F-4287-A6AE-83F61C77C60D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{902E8267-F9A9-4D63-8707-30A6A7E95E08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |

"{9734875D-4E77-4FE8-A7B6-829EA815E661}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

"{9C983804-C5EC-437B-A370-E1692DAA3FEB}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |

"{9EF91E52-37DB-4892-9026-BAE80B6521BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

"{C5FE714A-3C00-420A-95D9-F559EBDADB39}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CB760BCC-558A-4CB0-8C25-F50A14585C1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |

"{D8887B7D-71EF-4BC5-A899-C9251010310A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{DF9461E1-FF63-443B-A5E3-495197B6A879}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{E77527E9-10C9-426C-BFD4-792A50BA31F3}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"TCP Query User{3CD605E6-282F-4608-AAE6-F2D031FD66A9}C:\users\donna\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\donna\appdata\local\temp\ixp000.tmp\smpcsetup.exe |

"TCP Query User{58B9BAE2-D80D-42A3-B43C-AE0EE2D3EEAD}C:\program files\showmypc\smwinvnc.exe" = protocol=6 | dir=in | app=c:\program files\showmypc\smwinvnc.exe |

"TCP Query User{89D1DEBC-A901-4D5D-84EC-CB53400B0FAD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{BC11BF1E-88B5-4CF1-8D74-D235F0C37F83}C:\users\donna\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\donna\appdata\local\temp\ixp000.tmp\smwinvnc.exe |

"TCP Query User{DD2A1975-4DB9-446E-A225-AF90AEE811D4}C:\program files\laplink\pcmover\pcmover.exe" = protocol=6 | dir=in | app=c:\program files\laplink\pcmover\pcmover.exe |

"UDP Query User{15A264A9-BB45-4A61-87CF-F83A73621C2A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{1A7C5DAF-E048-4CE5-84F9-64C2CA348445}C:\users\donna\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\donna\appdata\local\temp\ixp000.tmp\smwinvnc.exe |

"UDP Query User{4C4504B7-EF2F-43DE-8E3F-544B6D1EC733}C:\program files\showmypc\smwinvnc.exe" = protocol=17 | dir=in | app=c:\program files\showmypc\smwinvnc.exe |

"UDP Query User{6F835449-5DD3-462E-924B-BE632EA380A5}C:\program files\laplink\pcmover\pcmover.exe" = protocol=17 | dir=in | app=c:\program files\laplink\pcmover\pcmover.exe |

"UDP Query User{9EAD7C60-DE17-44B2-BAD5-51A9D30AA118}C:\users\donna\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\donna\appdata\local\temp\ixp000.tmp\smpcsetup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{0030188A-533E-42EE-9837-E044F10E4369}" = Palm

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{224C47F4-CB95-406C-8AD6-81002FEED0CF}" = Hoyle Casino 2004

"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online

"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6EA363F3-C5F3-4694-B766-70EE8BDF3EFF}" = PS370

"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour

"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F5F3634-4F0F-477D-AA79-25AEB425B517}" = Airlink101 PS Software

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes

"{9B738A2B-FA31-4483-BC1B-7C49CE4F3C59}" = Hoyle Games Demo

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC0C7D59-DE76-4AC0-9A84-A3B4D315CE11}" = ArcSoft Media Card Companion

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide

"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28

"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1

"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced Video FX Engine" = Advanced Video FX Engine

"AudibleManager" = AudibleManager

"AVG8Uninstall" = AVG 8.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CalorieKing Nutrition and Exercise Manager" = CalorieKing Nutrition and Exercise Manager (remove only)

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)

"CrossWord" = CrossWord

"Crossword Compiler 7" = Crossword Compiler 7

"Crossword Weaver 8.0" = Crossword Weaver 8.0

"Dell Webcam Center" = Dell Webcam Center

"Dell Webcam Manager" = Dell Webcam Manager

"ESET Online Scanner" = ESET Online Scanner v3

"ExamView Player" = ExamView Player

"ExamView Pro" = ExamView Pro

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HPOCR" = HP OCR Software 9.0

"ie7" = Windows Internet Explorer 7

"InstallShield_{224C47F4-CB95-406C-8AD6-81002FEED0CF}" = Hoyle Casino 2004

"InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1}" = iPod for Windows 2005-09-06

"InstallShield_{9B738A2B-FA31-4483-BC1B-7C49CE4F3C59}" = Hoyle Games Demo

"InstallShield_{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide

"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28

"InstallShield_{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MATS_3.0" = Mortician's Assessment Testing Simulator 4.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"SpywareBlaster_is1" = SpywareBlaster 4.3

"TOPO!" = TOPO!

"WinCalendar" = WinCalendar

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WordWeb" = WordWeb Pro

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/22/2009 12:15:40 PM | Computer Name = Donna-Inspiron | Source = ESENT | ID = 474

Description = Windows (3068) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb"

at offset 43458560 (0x0000000002972000) (database page 5304 (0x14B8)) for 8192

(0x00002000) bytes failed verification due to a page checksum mismatch. The expected

checksum was 3644875088957800448 (0x3295329500000000) and the actual checksum was

3644875090194347794 (0x3295329549b43712). The read operation will fail with error

-1018 (0xfffffc06). If this condition persists then please restore the database

from a previous backup. This problem is likely due to faulty hardware. Please

contact your hardware vendor for further assistance diagnosing the problem.

Error - 11/22/2009 12:16:01 PM | Computer Name = Donna-Inspiron | Source = Windows Search Service | ID = 3008

Description =

Error - 11/22/2009 3:38:21 PM | Computer Name = Donna-Inspiron | Source = Windows Search Service | ID = 3008

Description =

Error - 11/23/2009 12:07:04 AM | Computer Name = Donna-Inspiron | Source = ESENT | ID = 474

Description = Windows (3668) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb"

at offset 43458560 (0x0000000002972000) (database page 5304 (0x14B8)) for 8192

(0x00002000) bytes failed verification due to a page checksum mismatch. The expected

checksum was 3644875088957800448 (0x3295329500000000) and the actual checksum was

3644875090194347794 (0x3295329549b43712). The read operation will fail with error

-1018 (0xfffffc06). If this condition persists then please restore the database

from a previous backup. This problem is likely due to faulty hardware. Please

contact your hardware vendor for further assistance diagnosing the problem.

Error - 11/23/2009 12:07:15 AM | Computer Name = Donna-Inspiron | Source = Windows Search Service | ID = 3008

Description =

Error - 11/23/2009 12:21:56 AM | Computer Name = Donna-Inspiron | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 11/23/2009 12:39:56 AM | Computer Name = Donna-Inspiron | Source = Windows Search Service | ID = 3008

Description =

Error - 11/23/2009 11:25:11 PM | Computer Name = Donna-Inspiron | Source = ESENT | ID = 474

Description = Windows (3364) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb"

at offset 43458560 (0x0000000002972000) (database page 5304 (0x14B8)) for 8192

(0x00002000) bytes failed verification due to a page checksum mismatch. The expected

checksum was 3644875088957800448 (0x3295329500000000) and the actual checksum was

3644875090194347794 (0x3295329549b43712). The read operation will fail with error

-1018 (0xfffffc06). If this condition persists then please restore the database

from a previous backup. This problem is likely due to faulty hardware. Please

contact your hardware vendor for further assistance diagnosing the problem.

Error - 11/23/2009 11:25:13 PM | Computer Name = Donna-Inspiron | Source = Windows Search Service | ID = 3008

Description =

Error - 11/24/2009 12:21:40 AM | Computer Name = Donna-Inspiron | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

[ Broadcom Wireless LAN Events ]

Error - 5/22/2010 8:40:22 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 17:40:22, Sat, May 22, 10 Error - Unable to switch user context, error

87

Error - 5/23/2010 1:50:13 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 10:50:13, Sun, May 23, 10 Error - Unable to gain access to user store

Error - 5/23/2010 7:01:58 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 16:01:58, Sun, May 23, 10 Error - Unable to gain access to user store

Error - 5/23/2010 7:03:18 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 16:03:18, Sun, May 23, 10 Error - Unable to switch user context, error

87

Error - 5/23/2010 7:09:54 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 16:09:54, Sun, May 23, 10 Error - Unable to gain access to user store

Error - 5/23/2010 9:44:33 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 18:44:32, Sun, May 23, 10 Error - Unable to gain access to user store

Error - 5/24/2010 3:22:52 AM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 00:22:51, Mon, May 24, 10 Error - Unable to gain access to user store

Error - 5/24/2010 12:02:33 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 09:02:33, Mon, May 24, 10 Error - Unable to switch user context, error

87

Error - 5/24/2010 12:05:57 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 09:05:55, Mon, May 24, 10 Error - Unable to gain access to user store

Error - 5/24/2010 12:07:22 PM | Computer Name = Donna-Inspiron | Source = WLAN-Tray | ID = 0

Description = 09:07:22, Mon, May 24, 10 Error - Unable to switch user context, error

87

[ Media Center Events ]

Error - 3/12/2009 10:37:10 AM | Computer Name = Donna-Inspiron | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/22/2009 1:31:13 AM | Computer Name = Donna-Inspiron | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/25/2009 12:26:36 AM | Computer Name = Donna-Inspiron | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/25/2009 9:00:16 PM | Computer Name = Donna-Inspiron | Source = Media Center Guide | ID = 0

Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError

returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]

Error - 5/27/2010 4:21:30 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7009

Description =

Error - 5/27/2010 4:21:30 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7000

Description =

Error - 5/27/2010 4:21:30 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7001

Description =

Error - 5/27/2010 4:21:30 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7009

Description =

Error - 5/27/2010 4:21:30 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7000

Description =

Error - 5/27/2010 4:26:01 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7034

Description =

Error - 5/27/2010 4:46:49 AM | Computer Name = Donna-Inspiron | Source = DCOM | ID = 10005

Description =

Error - 5/27/2010 4:46:49 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7009

Description =

Error - 5/27/2010 4:46:49 AM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7000

Description =

Error - 5/27/2010 5:52:28 PM | Computer Name = Donna-Inspiron | Source = Service Control Manager | ID = 7034

Description =

< End of report >

Extras.Txt

Link to post
Share on other sites

First of all, you should not have more than one anti-virus program installed as they will conflict and cause problems. You have two so you need to uninstall one of them. Of the two, I would recommend keeping Avira AntiVir , so please uninstall AVG 8.5 .

Next, delete your copy of ComboFix, download a new fresh one and try again.

Link to post
Share on other sites

Thanks, I had already done that. Prior to coming here for help I had installed a few other programs to try and help get rid of the situation.

This computer previously only had AVG Internet Security.

I have since uninstalled EVERYTHING malware/antivirus related except for AVIRA Antivir and Malwarebytes.

Malwarebytes repeatedly shows blocked ip messages if the computer is connected to the internet. I don't see any IE running in the taskmanager either.

Lastnight I tried repeatedly to get Combofix to run. First I uninstalled combofix (ie: rename the combo-fix.exe file to uninstall.exe and ran). It said it uninstalled, although I still had a few 'Combo-Fix1134' (or some weird numbering listed in Mycomputer/C drive. I think this was related to me trying combofix multiple times and it hanging indefinately.

I ended up putting those in the recycling bin, restarting and redownloading Combofix to the desktop as Combo-Fix.exe.

Last night it ran for +12hours and it didn't budge form the screen stating it shouldn't take more than 10minutes, but on infected it may take longer.

**I have 'disabled' Malwarebytes protection, and Disabled Avira protection prior to running Combofix. I also have WindowsDefender turned off.

I don't know why it will not run. Tried both in normal windows logon and in safemode. Get similar problems.

Suggestions?

Link to post
Share on other sites

Maniac,

Thanks for your help, however Nothing we tried was working. For the life of me I couldn't get Combo to run. I've also noticed some issues with the User Profile Service not loading properly on restarts.

In-lieu of wasting any more time, I opted to do a complete system restore (after backing up the documents necessary).

Thanks again

Link to post
Share on other sites

This is my job, don't worry!

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.