Jump to content

Can only run pc in safe mode


Recommended Posts

Link to my orig. post.

http://forums.malwarebytes.org/index.php?showtopic=71520

I'm computer illiterate, so any help would be great right now..:welcome:

Story goes like this. Pc ran slow, I contacted Cyber defender, they down loaded a bunch of stuff...pc started to run slower, then with in a month when I logged on the desk top was black, no icons nothing. I could only run in safe mode. CD, worked on it for 4 days, they said they could do nothing and that I needed to do a system restore. I did a little research, found some real bad things about CD, I called cancelled (lost lots of money btw.) and now Im trying to fix this myself.

Please help!

Link to post
Share on other sites

:)

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download DDS by sUBs from one of the following links and save it to your desktop.

[*]Disable any script blocking protection (How to Disable your Security Programs)

[*]Double click DDS icon to run the tool (may take up to 3 minutes to run)

[*]When done, DDS.txt will open.

[*]After a few moments, attach.txt will open in a second window.

[*]Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Link to post
Share on other sites

Found the log.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5443

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18975

1/5/2011 2:07:08 PM

mbam-log-2011-01-05 (14-07-08).txt

Scan type: Quick scan

Objects scanned: 0

Time elapsed: 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

I'm not seeing any infections but lets do another scan.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Here is the log.

Computer seems to run ok, but it's still in safe mode.

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2960)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

Completion time: 2011-01-06 11:08:19

ComboFix-quarantined-files.txt 2011-01-06 16:08

Pre-Run: 115,607,748,608 bytes free

Post-Run: 117,010,186,240 bytes free

- - End Of File - - 07CA5EA0E1A6F8B835A0E4604402947D

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

Folder::
c:\program files\HOTLLAMA MEDIA

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

See if you can run combix in Normal Mode now.

Link to post
Share on other sites

1. Use the System File Checker tool (SFC.exe) to determine which file is causing the issue, and then replace the file. To do this, follow these steps:

Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

2. Type the following command, and then press ENTER:

sfc /scannow <-- Note the space, it needs to be there.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe

Folder::
c:\program files\Common Files\Authentium\AntiVirus5
c:\program files\Common Files\Authentium

Driver::
vseamps
vsedsps
vseqrts

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs

Link to post
Share on other sites

OTL logfile created on: 1/9/2011 10:32:36 AM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Holiday24\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.00 Mb Total Physical Memory | 194.00 Mb Available Physical Memory | 28.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): c:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.53 Gb Total Space | 108.85 Gb Free Space | 79.15% Space Free | Partition Type: NTFS

Drive D: | 11.52 Gb Total Space | 2.00 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Computer Name: HOLIDAY24-PC | User Name: Holiday24 | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Holiday24\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Holiday24\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LMIRescue_e0cd73cf-f632-45f9-b2a6-6927efdb0e73) LogMeIn Rescue (e0cd73cf-f632-45f9-b2a6-6927efdb0e73) -- C:\Windows\LMIDF18.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)

SRV - (LMIRescue_94c99857-1142-48e2-ab43-5f47025fe47b) LogMeIn Rescue (94c99857-1142-48e2-ab43-5f47025fe47b) -- C:\Windows\LMIBC5C.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)

SRV - (LMIRescue_3f56a04f-e009-445b-8eb3-36888c873524) LogMeIn Rescue (3f56a04f-e009-445b-8eb3-36888c873524) -- C:\Windows\LMIB95D.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)

SRV - (LMIRescue_0b6e0fe5-ad28-4220-8023-ed97a278f1f8) LogMeIn Rescue (0b6e0fe5-ad28-4220-8023-ed97a278f1f8) -- C:\Windows\LMI44ED.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

========== Driver Services (SafeList) ==========

DRV - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- C:\Windows\System32\DRIVERS\swumx20.sys File not found

DRV - (SASKUTIL) -- C:\Users\Cyde\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS File not found

DRV - (SASDIFSV) -- C:\Users\Cyde\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (swmsflt) -- C:\Windows\System32\drivers\swmsflt.sys ()

DRV - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\Windows\System32\drivers\swumx80.sys (Sierra Wireless Inc.)

DRV - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\Windows\System32\drivers\swnc8u80.sys (Sierra Wireless Inc.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56) -- C:\Windows\System32\drivers\swumx56.sys (Sierra Wireless Inc.)

DRV - (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56) -- C:\Windows\System32\drivers\swnc8u56.sys (Sierra Wireless Inc.)

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)

DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) -- C:\Windows\System32\drivers\s616unic.sys (MCCI Corporation)

DRV - (s616obex) -- C:\Windows\System32\drivers\s616obex.sys (MCCI Corporation)

DRV - (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) -- C:\Windows\System32\drivers\s616nd5.sys (MCCI Corporation)

DRV - (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s616mgmt.sys (MCCI Corporation)

DRV - (s616mdm) -- C:\Windows\System32\drivers\s616mdm.sys (MCCI Corporation)

DRV - (s616mdfl) -- C:\Windows\System32\drivers\s616mdfl.sys (MCCI Corporation)

DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\Windows\System32\drivers\s616bus.sys (MCCI Corporation)

DRV - (swivsp) -- C:\Windows\System32\drivers\swivspnt.sys (Sierra Wireless Inc.)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (SWNC8U12) Sierra Wireless MUX NDIS Driver (UMTS12) -- C:\Windows\System32\drivers\swnc8u12.sys (Sierra Wireless Inc.)

DRV - (swumx12) Sierra Wireless USB MUX Driver (UMTS12) -- C:\Windows\System32\drivers\swumx12.sys (Sierra Wireless Inc.)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2011/01/07 12:46:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKLM..\RunOnce: [] File not found

O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Holiday24\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/11/04 13:54:40 | 000,000,000 | -H-D | M]

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Holiday24\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Holiday24\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/02/22 11:09:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 10:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holiday24\Desktop\OTL.exe

[2011/01/07 12:53:50 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/01/07 12:53:50 | 000,000,000 | ---D | C] -- C:\Users\Holiday24\AppData\Local\temp

[2011/01/07 12:46:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/01/07 12:24:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/01/06 10:21:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/01/06 10:21:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/01/06 10:21:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/01/06 10:21:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/01/06 10:21:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/01/02 13:20:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/01/02 13:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/02 13:20:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 10:30:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holiday24\Desktop\OTL.exe

[2011/01/08 22:41:54 | 000,007,944 | ---- | M] () -- C:\Users\Holiday24\AppData\Local\d3d9caps.dat

[2011/01/08 18:22:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/07 23:49:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/07 23:49:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/01/07 23:49:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/01/07 12:46:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/01/07 12:43:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/06 10:20:22 | 004,149,808 | R--- | M] () -- C:\Users\Holiday24\Desktop\ComboFix.exe

[2011/01/05 13:34:40 | 000,624,128 | ---- | M] () -- C:\Users\Holiday24\Desktop\dds.scr

[2011/01/02 13:20:42 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/26 19:20:37 | 000,594,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/26 19:20:37 | 000,100,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 10:21:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/01/06 10:21:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/01/06 10:21:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/01/06 10:21:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/01/06 10:21:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/01/06 10:20:20 | 004,149,808 | R--- | C] () -- C:\Users\Holiday24\Desktop\ComboFix.exe

[2011/01/05 13:34:39 | 000,624,128 | ---- | C] () -- C:\Users\Holiday24\Desktop\dds.scr

[2011/01/02 13:20:42 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/08 09:55:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/11/04 16:09:03 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/11/03 17:37:02 | 000,000,085 | ---- | C] () -- C:\Windows\AuthentiumException.ini

[2009/11/26 19:13:39 | 000,000,066 | ---- | C] () -- C:\Windows\st_affiliate.ini

[2009/07/08 13:15:15 | 000,000,126 | ---- | C] () -- C:\Users\Holiday24\AppData\Roaming\wklnhst.dat

[2008/09/01 13:42:18 | 000,026,760 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys

[2008/07/12 17:40:38 | 000,136,448 | ---- | C] () -- C:\Windows\RMTOOLS.DLL

[2008/05/10 22:36:02 | 000,027,715 | ---- | C] () -- C:\Users\Holiday24\AppData\Roaming\nvModes.001

[2008/05/10 20:58:47 | 000,006,656 | ---- | C] () -- C:\Users\Holiday24\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/05/09 08:05:22 | 000,027,715 | ---- | C] () -- C:\Users\Holiday24\AppData\Roaming\nvModes.dat

[2008/05/09 08:05:22 | 000,007,944 | ---- | C] () -- C:\Users\Holiday24\AppData\Local\d3d9caps.dat

[2008/05/09 01:15:44 | 000,000,000 | ---- | C] () -- C:\Users\Holiday24\AppData\Local\QSwitch.txt

[2008/05/09 01:15:44 | 000,000,000 | ---- | C] () -- C:\Users\Holiday24\AppData\Local\DSwitch.txt

[2008/05/09 01:15:44 | 000,000,000 | ---- | C] () -- C:\Users\Holiday24\AppData\Local\AtStart.txt

[2008/04/09 16:06:43 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/02/22 11:23:30 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/01/16 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\Holiday24\AppData\Roaming\LimeWire

[2008/11/15 12:54:24 | 000,000,000 | ---D | M] -- C:\Users\Holiday24\AppData\Roaming\MSNInstaller

[2009/02/01 12:33:18 | 000,000,000 | ---D | M] -- C:\Users\Holiday24\AppData\Roaming\Sierra Wireless

[2009/07/08 13:15:26 | 000,000,000 | ---D | M] -- C:\Users\Holiday24\AppData\Roaming\Template

[2008/05/16 09:04:15 | 000,000,000 | ---D | M] -- C:\Users\Holiday24\AppData\Roaming\WildTangent

[2011/01/07 23:51:12 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/11/26 22:42:34 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F973820E-C8D0-4D21-AB4C-3ADC87518268}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2008/02/22 11:09:01 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2010/11/11 12:42:29 | 000,001,600 | ---- | M] () -- C:\CD3rdPartyWrapper.log

[2011/01/07 12:53:49 | 000,011,718 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/09/28 12:31:10 | 000,170,280 | ---- | M] () -- C:\cybdefauth_i.log

[2010/11/06 05:46:06 | 000,001,800 | ---- | M] () -- C:\cybdefauth_u.log

[2010/11/06 05:47:23 | 000,031,190 | ---- | M] () -- C:\CybDefInstallInfo.log

[2010/09/28 12:30:43 | 000,000,113 | ---- | M] () -- C:\CybDefWebInstaller.log

[2008/07/12 17:39:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/02/22 10:45:31 | 000,000,384 | -H-- | M] () -- C:\IPH.PH

[2008/07/12 17:39:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/01/08 18:22:36 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys

[2010/09/28 09:14:29 | 000,000,349 | ---- | M] () -- C:\rkill.log

[2010/09/28 10:38:01 | 000,061,964 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_28.09.2010_11.37.20_log.txt

[2010/11/04 13:53:07 | 000,061,986 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_04.11.2010_14.52.10_log.txt

[2010/11/05 13:42:10 | 000,061,746 | ---- | M] () -- C:\TDSSKiller.2.4.5.0_05.11.2010_14.37.19_log.txt

[2010/11/04 15:56:50 | 000,061,988 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_04.11.2010_16.56.01_log.txt

[2010/11/07 09:44:35 | 000,061,760 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_07.11.2010_09.44.08_log.txt

[2008/05/08 12:16:22 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/02/25 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9I.DLL

[2008/02/25 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9I.DLL

[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2010/11/08 10:08:30 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\user32.dll /md5 >

[2009/04/10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2008/01/20 21:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >

[2006/11/02 04:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

OTL Extras logfile created on: 1/9/2011 10:32:36 AM - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Holiday24\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.00 Mb Total Physical Memory | 194.00 Mb Available Physical Memory | 28.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free

Paging file location(s): c:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.53 Gb Total Space | 108.85 Gb Free Space | 79.15% Space Free | Partition Type: NTFS

Drive D: | 11.52 Gb Total Space | 2.00 Gb Free Space | 17.34% Space Free | Partition Type: NTFS

Computer Name: HOLIDAY24-PC | User Name: Holiday24 | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)

"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{8AAABF9A-9026-4881-8E6A-91D04D9FCAF8}" = lport=3033 | protocol=6 | dir=in | name=lime wire |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08A46BBF-829A-4578-9FCD-B2B7C7C47BA5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{276004BA-DF60-4575-8948-E47665F547E9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{28015A07-D3A5-49F6-BA4A-1B4F77B90336}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{3023CE5C-D4B1-45F5-BB09-2F5B9AA90D34}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{3037B1E1-B16B-4194-9B7A-86E0BD077C2D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{357A92EA-8A39-4B0C-A4CC-408F83679FDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{3BB2CBAE-2184-4526-8032-E1DDEAFF1D61}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{43B9DC11-A6C5-46B5-93B3-F0F34EB753BA}" = protocol=17 | dir=in | app=c:\users\holiday24\appdata\local\temp\7zs1850.tmp\symnrt.exe |

"{4CB2CE2A-57EF-4467-92A0-5C536B0B9129}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{4E5A374D-E001-4E93-A521-8A1AFB03F07E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{73220C0D-652A-479D-8F5E-A1EFC3AAE24C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{76AD6D7D-9BB2-47D2-AC5A-4E1228C18C25}" = protocol=6 | dir=in | app=c:\users\holiday24\appdata\local\temp\7zs1850.tmp\symnrt.exe |

"{7A1CF39D-BB44-4B67-9C69-A750F45C35BD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{7ED993CC-7E44-4AC4-9C5E-CB26E793A24B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{9F033AC3-BF32-4FFD-9F4B-1B278F7F2623}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{C171A0C1-1F41-4210-B12C-E9D305A246E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{C64E76E7-27A2-449D-9B43-11695147AFC1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{E5D40348-AA18-48BE-A6E2-7A1E5EBF304A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{E60955FD-929C-4E3F-85F9-B28542A77657}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{E6AC8D39-8581-4F6D-817E-55B07D14A535}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{F471099C-B059-46E2-A604-6C86DCDE9083}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"TCP Query User{058C1BB2-2723-4034-AD94-CFBA65138A68}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{24803C34-2674-450E-A539-2CDA2A89C725}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{79EC49AD-89BD-4F4C-8593-070D20CE6182}C:\tools\launcher.exe" = protocol=6 | dir=in | app=c:\tools\launcher.exe |

"TCP Query User{D04BC455-F7D4-442B-861E-484F73181D61}C:\program files\yahoo!\messenger\yserver.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"UDP Query User{060650D8-42E8-43E1-B051-9CDB6EECF8EE}C:\program files\yahoo!\messenger\yserver.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"UDP Query User{32F0F10E-6A1C-4B19-A716-7773110473F7}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{3CD01F72-E6B1-4CF0-9B59-92A8C6589B8B}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{8AF0B256-8DFA-44EF-A028-30B12E9E345E}C:\tools\launcher.exe" = protocol=17 | dir=in | app=c:\tools\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing

"{110E8E90-1F9A-4804-9221-1DA0D0379C90}" = SA30xx Media Converter

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager

"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support

"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5DC09527-BE89-4FD0-AF67-73FBA5EEB8BC}" = SA30xx Media Converter

"{656C0E21-331E-11DF-81CE-005056806466}" = Google Earth

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A4C70642-924B-45C4-A5BA-4B5A6BED438C}" = Online Tech Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091

"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{FD822CF3-8CFD-4A73-A90A-95CAFF3CB102}" = Sierra Wireless 3G Watcher

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1

"PokerStars" = PokerStars

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.