


Possible Malware Infection - File/Folder Permissions and IE 8 Browser


  • This topic is locked
47 replies to this topic

#16 lmacri


Posted 13 February 2011 - 03:56 PM

Hi CatByte:

Here are the OTL logs as requested. I checked with CCleaner and confirmed that all my old restore points have been purged.

Please see my comments about DigitalPersona Personal in my next post. I hope I'm not leading you down another dead end.

--------

Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.5.1.1100 * HijackThis v. 2.0.4
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

_________________________

OTL logfile created on: 13/02/2011 3:17:16 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Lori\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.82 Gb Total Space | 170.00 Gb Free Space | 76.99% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.74 Gb Free Space | 14.39% Space Free | Partition Type: NTFS

Computer Name: LORI-PC | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/13 15:10:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/06/09 09:25:54 | 007,539,232 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 12:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/07/12 11:43:50 | 000,226,904 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 15:10:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 13:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/09/24 20:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 00:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/11 00:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 00:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/01/20 20:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/20 20:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008/01/20 20:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/20 07:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [On_Demand | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/27 21:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/09 09:13:42 | 002,366,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/04 11:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/10/02 16:42:24 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/01/24 23:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/12 13:12:38 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/12/12 13:12:38 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/12/12 13:12:38 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/08 19:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/05/08 12:18:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/03 16:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/03 16:41:38 | 000,000,000 | ---D | M]

[2011/01/20 21:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lori\AppData\Roaming\Mozilla\Extensions
[2010/06/14 13:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lori\AppData\Roaming\Mozilla\Extensions\58282EC3-9AC0-4ab3-9BC3-6362BA4F2F5E
[2011/02/13 11:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions
[2011/02/03 16:41:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/03 16:41:45 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2011/02/03 16:41:50 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2011/01/20 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/09 11:35:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: shavlik.com ([it] https in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.h...osticsVista.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lori\Pictures\1280_crabnebula.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lori\Pictures\1280_crabnebula.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/25 15:49:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave6 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 15:10:16 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
[2011/02/13 07:02:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lori\Desktop\TFC.exe
[2011/02/10 08:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/09 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\WindowsUpdate
[2011/02/09 12:18:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/09 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\temp
[2011/02/09 12:14:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/09 12:06:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/02/09 12:06:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/09 11:22:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/09 11:22:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/09 11:22:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/09 11:22:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/09 11:20:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/09 08:43:05 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 08:43:04 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 08:43:02 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 08:42:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 08:42:55 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 08:42:55 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 08:42:55 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/09 08:42:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 08:42:54 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 08:42:54 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 08:42:54 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 08:42:54 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 08:42:54 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 08:42:54 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 08:42:54 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 08:42:53 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 08:42:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 08:42:53 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 08:42:53 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 08:42:52 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 08:42:52 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 08:42:52 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 08:42:52 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 08:42:52 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 08:42:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 08:42:50 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 08:42:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 08:42:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 08:42:36 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 08:42:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 08:42:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 08:42:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 08:42:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 08:42:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 08:42:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 08:42:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 08:42:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 08:42:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 08:42:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 08:42:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 08:42:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 08:42:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 08:42:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 08:42:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 08:42:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 08:42:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 08:42:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/07 22:25:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/03 08:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/03 08:54:03 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/03 08:25:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(295)
[2011/02/03 08:25:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/02/03 07:48:11 | 000,000,000 | ---D | C] -- C:\Users\Lori\Documents\WIn Files and FOlders Automatic ResultReport 03 Feb 2011_files
[2011/02/01 14:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/01 14:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(164)
[2011/02/01 14:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/01 14:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(165)
[2011/02/01 14:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/01 10:37:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE(6).BIN
[2011/02/01 10:31:41 | 000,000,000 | ---D | C] -- C:\Users\Lori\Documents\MS FixIT File and Folder Permisions
[2011/01/29 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\Lori\Documents\MS FixIT IE Add-on Diagnostic Result Report_files
[2011/01/27 13:35:02 | 000,000,000 | ---D | C] -- C:\Users\Lori\Documents\CyberLink CL Cleaner
[2011/01/26 09:46:12 | 000,000,000 | ---D | C] -- C:\288b594930c641eac4
[2011/01/21 11:09:59 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\Secunia PSI
[2011/01/20 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\Mozilla
[2011/01/20 21:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/20 21:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/20 13:54:04 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Roaming\Foxit Software
[2011/01/20 13:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011/01/18 12:44:27 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\QuickPlay
[2011/01/15 16:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/01/15 16:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2009/07/31 20:02:20 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/07/31 20:02:20 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009/07/31 20:02:20 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/07/31 20:02:20 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/07/31 20:02:19 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe

========== Files - Modified Within 30 Days ==========

[2011/02/13 15:16:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8379694C-F8AF-4C5E-A380-BEA99E17B597}.job
[2011/02/13 15:10:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
[2011/02/13 15:00:07 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/13 15:00:07 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/13 14:53:01 | 000,048,992 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/13 14:53:00 | 000,048,992 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/13 14:52:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/13 13:10:43 | 000,002,521 | ---- | M] () -- C:\Users\Lori\Desktop\HiJackThis.lnk
[2011/02/13 09:00:34 | 000,002,607 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2011/02/13 07:03:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\TFC.exe
[2011/02/11 12:41:51 | 000,296,448 | ---- | M] () -- C:\Users\Lori\Desktop\c4n115pg.exe
[2011/02/11 12:27:07 | 000,269,076 | ---- | M] () -- C:\Users\Lori\Desktop\WER-148029-0.sysdata.xml
[2011/02/11 09:34:44 | 000,033,117 | R--- | M] () -- C:\Users\Lori\Documents\Milk Prices as of 01 Feb 2011.PDF
[2011/02/11 08:56:47 | 000,002,609 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/02/09 17:31:00 | 000,681,856 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/09 17:31:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/09 17:31:00 | 000,130,648 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/09 17:31:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/09 13:25:16 | 000,001,186 | ---- | M] () -- C:\Users\Lori\Desktop\WhatTheTeck Forum Post for HijackThis Log.lnk
[2011/02/09 12:30:52 | 000,296,448 | ---- | M] () -- C:\Users\Lori\Desktop\mi865h5d.exe
[2011/02/09 12:29:35 | 000,624,128 | ---- | M] () -- C:\Users\Lori\Desktop\dds.com
[2011/02/09 11:35:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/09 09:20:18 | 004,265,880 | R--- | M] () -- C:\Users\Lori\Desktop\ComboFix.exe
[2011/02/09 08:54:29 | 000,298,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/03 17:00:53 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/03 07:48:11 | 000,072,622 | ---- | M] () -- C:\Users\Lori\Documents\WIn Files and FOlders Automatic ResultReport 03 Feb 2011.html
[2011/02/01 14:26:03 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/01/29 15:51:40 | 000,000,438 | ---- | M] () -- C:\Users\Lori\Desktop\Windows - Shortcut.lnk
[2011/01/29 12:17:00 | 000,000,372 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Documents.lnk
[2011/01/29 11:27:55 | 000,272,242 | ---- | M] () -- C:\Users\Lori\Documents\MS FixIT IE Add-on Diagnostic Result Report.html
[2011/01/25 14:01:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/20 21:39:05 | 000,001,748 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/20 21:39:05 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/20 14:05:30 | 000,001,191 | ---- | M] () -- C:\Users\Lori\Desktop\CyberLink DVD Suite Uninstall.lnk
[2011/01/20 13:53:37 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/01/20 13:48:47 | 000,000,255 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/01/20 13:39:56 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2011/01/20 10:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/01/20 10:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/01/20 10:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/20 10:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/01/20 10:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/20 10:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/20 10:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/20 10:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/01/20 10:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/01/20 10:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/01/20 08:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/01/20 08:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/20 08:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/01/20 08:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/01/20 08:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/20 08:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/20 08:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/01/20 08:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/01/20 08:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/01/20 08:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/20 08:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/20 08:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/01/20 07:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/20 07:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/20 07:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/18 15:25:41 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2011/01/18 15:21:09 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2011/01/16 11:14:32 | 000,002,583 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Access.lnk
[2011/01/15 16:16:42 | 000,000,952 | ---- | M] () -- C:\Users\Lori\Desktop\Gerrard Fluffy Law 22 Mar 2010.doc - Shortcut.lnk
[2011/01/15 16:06:57 | 000,000,578 | ---- | M] () -- C:\Users\Lori\Desktop\CutePDF - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/02/11 12:41:31 | 000,296,448 | ---- | C] () -- C:\Users\Lori\Desktop\c4n115pg.exe
[2011/02/11 12:30:46 | 000,269,076 | ---- | C] () -- C:\Users\Lori\Desktop\WER-148029-0.sysdata.xml
[2011/02/11 09:34:44 | 000,033,117 | R--- | C] () -- C:\Users\Lori\Documents\Milk Prices as of 01 Feb 2011.PDF
[2011/02/09 13:25:15 | 000,001,186 | ---- | C] () -- C:\Users\Lori\Desktop\WhatTheTeck Forum Post for HijackThis Log.lnk
[2011/02/09 12:30:03 | 000,296,448 | ---- | C] () -- C:\Users\Lori\Desktop\mi865h5d.exe
[2011/02/09 12:27:46 | 000,624,128 | ---- | C] () -- C:\Users\Lori\Desktop\dds.com
[2011/02/09 11:22:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/09 11:22:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/09 11:22:12 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/09 11:22:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/09 11:22:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/09 09:20:07 | 004,265,880 | R--- | C] () -- C:\Users\Lori\Desktop\ComboFix.exe
[2011/02/03 08:54:03 | 000,002,521 | ---- | C] () -- C:\Users\Lori\Desktop\HiJackThis.lnk
[2011/02/03 07:48:11 | 000,072,622 | ---- | C] () -- C:\Users\Lori\Documents\WIn Files and FOlders Automatic ResultReport 03 Feb 2011.html
[2011/02/01 14:54:43 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/29 15:51:40 | 000,000,438 | ---- | C] () -- C:\Users\Lori\Desktop\Windows - Shortcut.lnk
[2011/01/29 12:17:00 | 000,000,372 | ---- | C] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Documents.lnk
[2011/01/29 11:27:55 | 000,272,242 | ---- | C] () -- C:\Users\Lori\Documents\MS FixIT IE Add-on Diagnostic Result Report.html
[2011/01/20 21:39:05 | 000,001,748 | ---- | C] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/20 21:39:05 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/20 14:05:30 | 000,001,191 | ---- | C] () -- C:\Users\Lori\Desktop\CyberLink DVD Suite Uninstall.lnk
[2011/01/20 13:53:37 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/01/18 12:43:42 | 000,001,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay Manager.lnk
[2011/01/18 12:43:42 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay.lnk
[2011/01/15 16:41:32 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/01/15 16:16:42 | 000,000,952 | ---- | C] () -- C:\Users\Lori\Desktop\Gerrard Fluffy Law 22 Mar 2010.doc - Shortcut.lnk
[2011/01/15 16:06:57 | 000,000,578 | ---- | C] () -- C:\Users\Lori\Desktop\CutePDF - Shortcut.lnk
[2009/07/31 20:02:19 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/07/31 20:01:36 | 000,000,255 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/05/26 12:45:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/22 09:56:22 | 000,048,992 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/22 09:56:22 | 000,048,992 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/04 15:08:05 | 000,000,680 | ---- | C] () -- C:\Users\Lori\AppData\Local\d3d9caps.dat
[2008/09/11 17:42:44 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\FnF4.txt
[2008/09/03 08:07:05 | 000,007,168 | ---- | C] () -- C:\Users\Lori\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/19 07:42:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/19 06:28:38 | 000,000,314 | ---- | C] () -- C:\Users\Lori\AppData\Roaming\wklnhst.dat
[2008/08/16 20:02:55 | 000,027,744 | ---- | C] () -- C:\Users\Lori\AppData\Roaming\nvModes.001
[2008/08/16 19:47:36 | 000,027,744 | ---- | C] () -- C:\Users\Lori\AppData\Roaming\nvModes.dat
[2008/08/10 14:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\QSwitch.txt
[2008/08/10 14:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\DSwitch.txt
[2008/08/10 14:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\AtStart.txt
[2008/08/10 13:33:01 | 000,007,837 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/12/04 13:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

_______________________________________________

OTL Extras logfile created on: 13/02/2011 3:17:16 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Lori\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.82 Gb Total Space | 170.00 Gb Free Space | 76.99% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.74 Gb Free Space | 14.39% Space Free | Partition Type: NTFS

Computer Name: LORI-PC | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{216C95C4-59FF-4783-8983-3659C43CD5FA}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{29A15DE1-D998-4317-89A7-90E463BA203F}" = protocol=6 | dir=in | app=c:\users\lori\appdata\local\temp\7zs9a3e.tmp\symnrt.exe |
"{4D30D9A4-5CE2-4233-BADF-8E1D62009D96}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{77BCA5BE-2C38-42E8-9A4A-46DD6363BDF2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{94625C72-2D23-403C-B254-6192FAB20B25}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{F9272D77-2A16-4CAA-A993-8002462C52AD}" = protocol=17 | dir=in | app=c:\users\lori\appdata\local\temp\7zs9a3e.tmp\symnrt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = DigitalPersona Personal 4.11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{772997BF-C04E-4FD2-B04F-24D06D649C68}" = Windows Live Install Wizard
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B3C1579F-C9BB-4479-B343-B22C5C283D47}" = Vista Services Optimizer
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"5244-9769-3058-9401" = Moneydance 2010
"AceMoney Lite_is1" = AceMoney Lite
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Analyse-it for Excel" = Analyse-it for Microsoft Excel
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"Fund Manager" = Fund Manager
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"Registry First Aid_is1" = Registry First Aid
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/02/2011 1:59:06 PM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application mi865h5d.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module mi865h5d.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0xd40, application
start time 0x01cbca1541035914.

Error - 11/02/2011 2:03:48 PM | Computer Name = Lori-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/02/2011 2:08:42 PM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application mi865h5d.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module mi865h5d.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0x71c, application
start time 0x01cbca1633163810.

Error - 11/02/2011 2:20:19 PM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application mi865h5d.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module mi865h5d.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0x58c, application
start time 0x01cbca1831b63574.

Error - 11/02/2011 2:43:58 PM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application c4n115pg.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module c4n115pg.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0x398, application
start time 0x01cbca1b860679ad.

Error - 11/02/2011 3:42:59 PM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module SHELL32.dll, version 6.0.6002.18393, time stamp 0x4d39b5c7,
exception code 0x80000001, fault offset 0x00088b72, process id 0xc2c, application
start time 0x01cbca23d8ddf233.

Error - 13/02/2011 8:32:40 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application c4n115pg.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module c4n115pg.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0xfb8, application
start time 0x01cbcb79eee58bc7.

Error - 13/02/2011 8:47:51 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application mi865h5d.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module mi865h5d.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0xf64, application
start time 0x01cbcb7befb35853.

Error - 13/02/2011 9:36:14 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application c4n115pg.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module c4n115pg.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0xe24, application
start time 0x01cbcb82cdab79b9.

Error - 13/02/2011 4:53:45 PM | Computer Name = Lori-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 11/02/2011 2:04:40 PM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/02/2011 2:04:40 PM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/02/2011 2:04:40 PM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/02/2011 2:04:40 PM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/02/2011 2:04:48 PM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/02/2011 2:06:58 PM | Computer Name = Lori-PC | Source = DCOM | ID = 10005
Description =

Error - 11/02/2011 2:25:44 PM | Computer Name = Lori-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:22:32 PM on 11/02/2011 was unexpected.

Error - 13/02/2011 8:35:07 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 13/02/2011 8:55:27 AM | Computer Name = Lori-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:53:19 AM on 13/02/2011 was unexpected.

Error - 13/02/2011 9:12:29 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >



#17 lmacri


Posted 13 February 2011 - 04:07 PM

Hi CatByte:

I noticed that HijackThis seems to keep throwing the warning about my Hosts file every time it reaches the following item:

O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll

I was having problems with this plug-in repeatedly crashing my IE 8 browser about a month ago with the following error message:

Log Name: Application
Source: Application Error
Date: 14/01/2011 8:03:50 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: Lori-PC
Description:
Faulting application iexplore.exe, version 8.0.6001.18999, time stamp 0x4ccf92fb, faulting module DpOtsPluginIe8.dll, version 5.0.0.3790, time stamp 0x4a60f5e3, exception code 0xc00000fd, fault offset 0x00099397, process id 0x46c, application start time 0x01cbb45864f7115a.

This plug-in is part of the DigitalPersona (DP) Personal fingerprint reader software that came bundled with my HP laptop. I've kept the software updated (currently v. 4.11.3826) but I've never actually registered a fingerprint or used the fingerprint reader.

Again, HP Support was completely useless but DigitalPersona Support told me that DP Personal:
- is end-of-life software and no further updates or patches will be released (see here)
- v. 4.11.3826 is the last version updated and released for HP
- will not work with Java versions newer than Java 6 update 20 (build 1.6.0_20)

This means that DP Personal is not compatible with the latest Java 6.23 release I have on my machine.

I disabled the DP Personal plug-in on January 14, 2011, which stopped the IE 8 browser crashes, but the software may be causing other problems that I'm not aware of. I have no problem uninstalling the entire DigitalPersona Personal fingerprint reader software if you think it might help.

--------

Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.5.1.1100 * HijackThis v. 2.0.4
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS


#18 CatByte


Posted 13 February 2011 - 09:08 PM

Hi,

Yes, if you are not using the DigitalPersona software, then uninstall it totally and delete the folder from Program Files.

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


Delete both copies of GMER that you have on your desktop and download a fresh copy.

Try running it in Safe Mode.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#19 lmacri


Posted 14 February 2011 - 10:16 AM

Hi CatByte:

Some progress at last!

It's good you told me to check the Program Files folder, because after uninstalling DigitalPersona (DP) Personal from the Control Panel it looked like most of the files were still on my hard drive. I was unable to delete the following four files manually:

DpAgent (the DigitalPersona local agent)
DpOSet.dll (DigitalPersona User Settings Manager)
DpBrandingPersonal.dll (Branding for DigitalPersona Password Manager)
DpAgent.exe.mui

All four were created 1/12/2009 and had file version 5.0.0.3790 (the same as the DpOtsPluginIe8.dll file that was crashing my browser). I tried playing with the file permissions and read-only attributes and the only way I was able to get rid of them was to:

1. Disable the fingerprint reader sensor (Authentec AES 2501 Driver: 8.1.2.37) from Device Manager
2. Disable the Biometric Authentication Service (DpHost) from Services
3. Kill the DpAgent process using Process Explorer v. 14.01

The DpAgent is no longer starting at boot-up, and the only possible problem I can see is that the Biometric Authentication Service (DpHost) is throwing an error because it can't find C:\Program Files\ DigitalPersona\Bin\DpHostW.exe (see attached .JPG), even though the service is still disabled.
__________________________

I ran the OTL fix (log posted below) and I have good news and bad news:

Bad news: A fresh copy of GMER (uk7ef113.exe) is still crashing in Safe Mode while it seems to be scanning \Device\Harddisk\VolumeShadowCopy1 (see attached .JPG). I wanted to wait until hearing back from you before I try cleaning out the older restore points and hibernation file and trying another scan.

Good news: HijackThis runs normally in SafeMode (no error messages about the Hosts file and a log was created automatically) but it still throws the error message in Normal mode. It's now showing a weird entry I haven't noticed before:

O1 - Hosts: ÿþ127.0.0.1 localhost

I posted the new HijackThis log as well. I hope I didn't screw anything up while I was manually deleting the DP Personal files off my hard drive. I have a few residual entries for DP in my registry but it looks like I can clean them out with CCleaner.

--------

Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.50.1.1100 * HijackThis v. 2.0.4
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

______________________

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lori\Desktop\cmd.bat deleted successfully.
C:\Users\Lori\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Backup Administrator

User: Default

User: Default User

User: Lori
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Backup Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lori
->Temp folder emptied: 19196852 bytes
->Temporary Internet Files folder emptied: 48184 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38852871 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 45874570 bytes

Total Files Cleaned = 99.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02142011_075421

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

_________________________________


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:05 AM, on 14/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
c:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.h...osticsVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

--
End of file - 4777 bytes

Attached Thumbnails

  • GMER_APPCRASH_Safe_Mode_14_Feb_2011.jpg

Attached Images

  • DpHost_Service_Error_14_Feb_2011.jpg
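
Added example, not part of the original posts: the `ÿþ` in front of `127.0.0.1 localhost` in the HijackThis O1 line is what the two bytes FF FE, the UTF-16 little-endian byte order mark, look like when read as single-byte text. The Python sketch below checks hosts-file bytes for a BOM and parses the entries; the sample bytes are constructed, and the function names and the NUL-dropping "ANSI view" are assumptions made for illustration, not documented HijackThis behaviour.

```python
import codecs

# Byte order marks, longest first so UTF-32 LE (FF FE 00 00) is not
# mistaken for UTF-16 LE (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]


def detect_bom(raw):
    """Return (encoding_name, bom_length), or (None, 0) if there is no BOM."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name, len(bom)
    return None, 0


def parse_hosts(text):
    """Parse decoded hosts text into (address, [names]) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries


def inspect_hosts(raw):
    """Report the BOM, the single-byte view of line 1, and the real entries."""
    encoding, bom_len = detect_bom(raw)
    text = raw[bom_len:].decode(encoding or "latin-1", errors="replace")
    # Assumption: a byte-oriented reader shows each byte as one character
    # and drops NULs. FF FE then appears as the two characters U+00FF U+00FE.
    ansi_view = raw.decode("latin-1").replace("\x00", "")
    lines = ansi_view.splitlines()
    return {
        "bom": encoding,
        "ansi_first_line": lines[0] if lines else "",
        "entries": parse_hosts(text),
    }


# Constructed sample: the two default entries saved as UTF-16 LE with a BOM.
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + (
    "127.0.0.1 localhost\r\n::1 localhost\r\n".encode("utf-16-le")
)
# Constructed sample: the same entries as plain single-byte text.
SAMPLE_PLAIN = b"127.0.0.1 localhost\r\n::1 localhost\r\n"

if __name__ == "__main__":
    for label, raw in (("utf-16 sample", SAMPLE_UTF16), ("plain sample", SAMPLE_PLAIN)):
        report = inspect_hosts(raw)
        print(label, "| BOM:", report["bom"])
        print("  single-byte view of line 1:", repr(report["ansi_first_line"]))
        for address, names in report["entries"]:
            print("  ", address, "->", ", ".join(names))
```

To check a real file, pass `inspect_hosts` the bytes of `C:\Windows\System32\drivers\etc\Hosts` opened in binary mode.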


#20 CatByte


Posted 14 February 2011 - 08:08 PM

Hi

Fix the following entries with HJT, then flush the old restore points, then run a fresh OTL log:



  • Open HiJackThis
  • Click on Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if still present):


O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (file missing)
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.


NEXT


  • Press the Win key on the keyboard, type Restore, then press Enter to get to the System Restore section.
  • Click "Create a restore point", then click on the "Create" button to create a new restore point. You may be prompted for permission to continue - ALLOW it to continue. You'll be prompted for a name, and you might want to give it a useful name that you'll be able to easily identify later.
  • Click the Create button, and then the system will create the restore point.
  • When it's all finished, you'll get a message saying it's completed successfully.
  • You will now have a new restore point

Then remove all previous Restore Points


  • Click Win key on the keyboard, type cleanmgr to access the disk cleanup
  • choose all files on the computer, then choose the C:\ drive, press OK
  • Disk cleanup calculates the files, this takes a few minutes > another menu will pop up.
  • At the top, click on the More Options tab, under System Restore and Shadow Copies group,
  • Click the Clean up button,
  • Vista will ask you if you’re sure, click on the Delete button, click OK > Delete Files

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#21 lmacri


Posted 15 February 2011 - 12:21 PM

Hi CatByte:

Made some excellent progress today.

HijackThis wasn't able to fix the following 2 entries in Normal mode, but I was finally able to remove them in Safe Mode:

O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (file missing)


New OTL and Extras logs are posted below. I took a quick look at the OTL log and noticed the following entry under Win32 Services:

SRV - File not found [Disabled | Stopped] -- -- (DpHost)

I checked the Biometric Authentication Service (DpHost) and it still seems to be throwing an error and pointing to C:\Program Files\ DigitalPersona\Bin\DpHostW.exe (see attached .JPG). I still haven't re-enabled either the Biometric Authentication Service (Services) or the driver for my fingerprint reader sensor (Authentec AES 2501 Driver: 8.1.2.37) (Device Manager).

Really good news - I am able to run GMER again so I'll post new scan logs for GMER and DDS in a separate post.

--------
Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.50.1.1100 * DigitalPersona Personal v. 4.11.3826
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

--------

OTL logfile created on: 15/02/2011 6:55:15 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Lori\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.82 Gb Total Space | 170.61 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.68 Gb Free Space | 13.90% Space Free | Partition Type: NTFS

Computer Name: LORI-PC | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/13 15:10:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/06/09 09:25:54 | 007,539,232 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 12:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 15:10:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 13:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/09/24 20:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 00:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/11 00:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 00:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/01/20 20:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/20 20:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008/01/20 20:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (DpHost)
SRV - [2011/01/20 07:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/12/04 12:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/27 21:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/10/03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/09 09:13:42 | 002,366,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/04 11:34:52 | 000,328,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/10/02 16:42:24 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/01/24 23:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/12 13:12:38 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/12/12 13:12:38 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/12/12 13:12:38 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/08 19:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 01:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/03 16:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/03 16:41:38 | 000,000,000 | ---D | M]

[2011/01/20 21:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lori\AppData\Roaming\Mozilla\Extensions
[2010/06/14 13:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lori\AppData\Roaming\Mozilla\Extensions\58282EC3-9AC0-4ab3-9BC3-6362BA4F2F5E
[2011/02/15 06:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions
[2011/02/03 16:41:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/03 16:41:45 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2011/02/03 16:41:50 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\t8xvl799.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2011/01/20 21:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/02/15 06:25:10 | 000,000,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: shavlik.com ([it] https in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.h...osticsVista.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lori\Pictures\1280_crabnebula.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lori\Pictures\1280_crabnebula.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/25 15:49:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: wave6 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfRd - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/02/14 07:54:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/13 15:10:16 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
[2011/02/13 07:02:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lori\Desktop\TFC.exe
[2011/02/10 08:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/09 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\WindowsUpdate
[2011/02/09 12:18:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/09 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\temp
[2011/02/09 12:14:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/09 12:06:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/02/09 12:06:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/09 11:22:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/09 11:22:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/09 11:22:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/09 11:22:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/09 11:20:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/09 08:43:05 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 08:43:04 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 08:43:02 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 08:42:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 08:42:55 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 08:42:55 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 08:42:55 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/09 08:42:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 08:42:54 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 08:42:54 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 08:42:54 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 08:42:54 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 08:42:54 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 08:42:54 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 08:42:54 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 08:42:53 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 08:42:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 08:42:53 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 08:42:53 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 08:42:52 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 08:42:52 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 08:42:52 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 08:42:52 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 08:42:52 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 08:42:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 08:42:50 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 08:42:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 08:42:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 08:42:36 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 08:42:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 08:42:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 08:42:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 08:42:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 08:42:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 08:42:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 08:42:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 08:42:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 08:42:30 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 08:42:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 08:42:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 08:42:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 08:42:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 08:42:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 08:42:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 08:42:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 08:42:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 08:42:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/07 22:25:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/03 08:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/03 08:54:03 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/02/03 08:25:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(295)
[2011/02/03 08:25:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2011/02/01 14:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/02/01 14:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(164)
[2011/02/01 14:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/01 14:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(165)
[2011/02/01 14:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/01 10:37:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE(6).BIN
[2011/01/27 13:35:02 | 000,000,000 | ---D | C] -- C:\Users\Lori\Documents\CyberLink CL Cleaner
[2011/01/26 09:46:12 | 000,000,000 | ---D | C] -- C:\288b594930c641eac4
[2011/01/21 11:09:59 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\Secunia PSI
[2011/01/20 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\Mozilla
[2011/01/20 21:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/01/20 21:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/20 13:54:04 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Roaming\Foxit Software
[2011/01/20 13:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011/01/18 12:44:27 | 000,000,000 | ---D | C] -- C:\Users\Lori\AppData\Local\QuickPlay
[2009/07/31 20:02:20 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/07/31 20:02:20 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009/07/31 20:02:20 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/07/31 20:02:20 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/07/31 20:02:19 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe

========== Files - Modified Within 30 Days ==========

[2011/02/15 06:57:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8379694C-F8AF-4C5E-A380-BEA99E17B597}.job
[2011/02/15 06:48:50 | 000,002,521 | ---- | M] () -- C:\Users\Lori\Desktop\HiJackThis.lnk
[2011/02/15 06:45:15 | 000,048,992 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/15 06:45:14 | 000,048,992 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/15 06:44:56 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/15 06:44:56 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/15 06:44:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/15 06:25:10 | 000,000,021 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/14 14:50:34 | 000,002,607 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2011/02/14 08:06:09 | 000,296,448 | ---- | M] () -- C:\Users\Lori\Desktop\uk7ef113.exe
[2011/02/13 15:10:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.exe
[2011/02/13 07:03:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lori\Desktop\TFC.exe
[2011/02/11 09:34:44 | 000,033,117 | R--- | M] () -- C:\Users\Lori\Documents\Milk Prices as of 01 Feb 2011.PDF
[2011/02/11 08:56:47 | 000,002,609 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/02/09 17:31:00 | 000,681,856 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/09 17:31:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/09 17:31:00 | 000,130,648 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/09 17:31:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/09 13:25:16 | 000,001,186 | ---- | M] () -- C:\Users\Lori\Desktop\WhatTheTeck Forum Post for HijackThis Log.lnk
[2011/02/09 12:29:35 | 000,624,128 | ---- | M] () -- C:\Users\Lori\Desktop\dds.com
[2011/02/09 09:20:18 | 004,265,880 | R--- | M] () -- C:\Users\Lori\Desktop\ComboFix.exe
[2011/02/09 08:54:29 | 000,298,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/03 17:00:53 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/01 14:26:03 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/01/29 15:51:40 | 000,000,438 | ---- | M] () -- C:\Users\Lori\Desktop\Windows - Shortcut.lnk
[2011/01/29 12:17:00 | 000,000,372 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Documents.lnk
[2011/01/25 14:01:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/20 21:39:05 | 000,001,748 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/20 14:05:30 | 000,001,191 | ---- | M] () -- C:\Users\Lori\Desktop\CyberLink DVD Suite Uninstall.lnk
[2011/01/20 13:53:37 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/01/20 13:48:47 | 000,000,255 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/01/20 13:39:56 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2011/01/20 10:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/01/20 10:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/01/20 10:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/20 10:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/01/20 10:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/20 10:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/20 10:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/20 10:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/01/20 10:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/01/20 10:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/01/20 08:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/01/20 08:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/20 08:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/01/20 08:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/01/20 08:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/20 08:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/20 08:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/01/20 08:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/01/20 08:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/01/20 08:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/20 08:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/20 08:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/01/20 07:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/20 07:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/20 07:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/18 15:25:41 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2011/01/18 15:21:09 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2011/01/16 11:14:32 | 000,002,583 | ---- | M] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Access.lnk

========== Files Created - No Company Name ==========

[2011/02/14 08:04:58 | 000,296,448 | ---- | C] () -- C:\Users\Lori\Desktop\uk7ef113.exe
[2011/02/11 09:34:44 | 000,033,117 | R--- | C] () -- C:\Users\Lori\Documents\Milk Prices as of 01 Feb 2011.PDF
[2011/02/09 13:25:15 | 000,001,186 | ---- | C] () -- C:\Users\Lori\Desktop\WhatTheTeck Forum Post for HijackThis Log.lnk
[2011/02/09 12:27:46 | 000,624,128 | ---- | C] () -- C:\Users\Lori\Desktop\dds.com
[2011/02/09 11:22:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/09 11:22:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/09 11:22:12 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/09 11:22:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/09 11:22:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/09 09:20:07 | 004,265,880 | R--- | C] () -- C:\Users\Lori\Desktop\ComboFix.exe
[2011/02/03 08:54:03 | 000,002,521 | ---- | C] () -- C:\Users\Lori\Desktop\HiJackThis.lnk
[2011/02/01 14:54:43 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/29 15:51:40 | 000,000,438 | ---- | C] () -- C:\Users\Lori\Desktop\Windows - Shortcut.lnk
[2011/01/29 12:17:00 | 000,000,372 | ---- | C] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Documents.lnk
[2011/01/20 21:39:05 | 000,001,748 | ---- | C] () -- C:\Users\Lori\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/20 14:05:30 | 000,001,191 | ---- | C] () -- C:\Users\Lori\Desktop\CyberLink DVD Suite Uninstall.lnk
[2011/01/20 13:53:37 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/01/18 12:43:42 | 000,001,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay Manager.lnk
[2011/01/18 12:43:42 | 000,001,728 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPlay.lnk
[2011/01/15 16:41:32 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/07/31 20:02:19 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/07/31 20:01:36 | 000,000,255 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/05/26 12:45:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/22 09:56:22 | 000,048,992 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/22 09:56:22 | 000,048,992 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/04 15:08:05 | 000,000,680 | ---- | C] () -- C:\Users\Lori\AppData\Local\d3d9caps.dat
[2008/09/11 17:42:44 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\FnF4.txt
[2008/09/03 08:07:05 | 000,007,168 | ---- | C] () -- C:\Users\Lori\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/19 07:42:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/19 06:28:38 | 000,000,314 | ---- | C] () -- C:\Users\Lori\AppData\Roaming\wklnhst.dat
[2008/08/16 20:02:55 | 000,027,744 | ---- | C] () -- C:\Users\Lori\AppData\Roaming\nvModes.001
[2008/08/16 19:47:36 | 000,027,744 | ---- | C] () -- C:\Users\Lori\AppData\Roaming\nvModes.dat
[2008/08/10 14:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\QSwitch.txt
[2008/08/10 14:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\DSwitch.txt
[2008/08/10 14:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Lori\AppData\Local\AtStart.txt
[2008/08/10 13:33:01 | 000,007,837 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/12/04 13:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 03:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

_________________________________________

OTL Extras logfile created on: 15/02/2011 6:55:15 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Lori\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.82 Gb Total Space | 170.61 Gb Free Space | 77.26% Space Free | Partition Type: NTFS
Drive D: | 12.07 Gb Total Space | 1.68 Gb Free Space | 13.90% Space Free | Partition Type: NTFS

Computer Name: LORI-PC | User Name: Lori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{216C95C4-59FF-4783-8983-3659C43CD5FA}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{29A15DE1-D998-4317-89A7-90E463BA203F}" = protocol=6 | dir=in | app=c:\users\lori\appdata\local\temp\7zs9a3e.tmp\symnrt.exe |
"{4D30D9A4-5CE2-4233-BADF-8E1D62009D96}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{77BCA5BE-2C38-42E8-9A4A-46DD6363BDF2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{94625C72-2D23-403C-B254-6192FAB20B25}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{F9272D77-2A16-4CAA-A993-8002462C52AD}" = protocol=17 | dir=in | app=c:\users\lori\appdata\local\temp\7zs9a3e.tmp\symnrt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{772997BF-C04E-4FD2-B04F-24D06D649C68}" = Windows Live Install Wizard
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B3C1579F-C9BB-4479-B343-B22C5C283D47}" = Vista Services Optimizer
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"5244-9769-3058-9401" = Moneydance 2010
"AceMoney Lite_is1" = AceMoney Lite
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Analyse-it for Excel" = Analyse-it for Microsoft Excel
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"Fund Manager" = Fund Manager
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"Registry First Aid_is1" = Registry First Aid
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2011 9:36:14 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application c4n115pg.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module c4n115pg.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0xe24, application
start time 0x01cbcb82cdab79b9.

Error - 13/02/2011 4:53:45 PM | Computer Name = Lori-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14/02/2011 10:08:41 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application uk7ef113.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module uk7ef113.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0xfcc, application
start time 0x01cbcc5089658657.

Error - 14/02/2011 10:22:27 AM | Computer Name = Lori-PC | Source = EventSystem | ID = 4609
Description =

Error - 14/02/2011 10:23:39 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application uk7ef113.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module uk7ef113.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0x5dc, application
start time 0x01cbcc52abb0e809.

Error - 14/02/2011 10:25:58 AM | Computer Name = Lori-PC | Source = EventSystem | ID = 4609
Description =

Error - 14/02/2011 10:27:21 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application uk7ef113.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module uk7ef113.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0x5fc, application
start time 0x01cbcc532a1cfc70.

Error - 14/02/2011 10:31:08 AM | Computer Name = Lori-PC | Source = EventSystem | ID = 4609
Description =

Error - 14/02/2011 10:32:17 AM | Computer Name = Lori-PC | Source = Application Error | ID = 1000
Description = Faulting application uk7ef113.exe, version 1.0.15.15530, time stamp
0x4cd7c3b7, faulting module uk7ef113.exe, version 1.0.15.15530, time stamp 0x4cd7c3b7,
exception code 0xc0000005, fault offset 0x0000c551, process id 0x594, application
start time 0x01cbcc53e03b6a12.

Error - 15/02/2011 8:23:57 AM | Computer Name = Lori-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:37 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/02/2011 8:24:40 AM | Computer Name = Lori-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Attached Images

  • DpHost_Service_Error_14_Feb_2011.jpg


#22 lmacri

Posted 15 February 2011 - 12:31 PM

Hi CatByte:

As promised, here are new posts for my GMER, DDS and Attach logs.
--------
Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.50.1.1100 * DigitalPersona Personal v. 4.11.3826
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

--------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-15 10:00:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: uk7ef113.exe; Driver: C:\Users\Lori\AppData\Local\Temp\kxldapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37bd74f2
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37bd74f2 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

__________________________________________


DDS (Ver_10-12-12.02) - NTFSx86
Run by Lori at 10:57:38.22 on 15/02/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1922 [GMT -6:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lori\Desktop\dds.com
C:\Windows\system32\conime.exe
c:\Windows\System32\wbem\WmiPrvSE.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\lori\appdata\roaming\mozilla\firefox\profiles\t8xvl799.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
FF - Ext: Bookmark Duplicate Detector: {ba243cb0-b824-4a26-9418-73ee795d9b9d} - %profile%\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}

============= SERVICES / DRIVERS ===============

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-3 363344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-3 20952]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-2 482176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-7-29 193840]

=============== Created Last 30 ================

2011-02-14 13:54:21 -------- d-----w- C:\_OTL
2011-02-12 15:35:34 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a3101099-8dfc-4322-9226-d205731aaaab}\mpengine.dll
2011-02-10 14:55:11 -------- d-----w- c:\program files\ESET
2011-02-09 18:34:28 -------- d-----w- c:\users\lori\appdata\local\WindowsUpdate
2011-02-09 18:15:25 -------- d-----w- c:\users\lori\appdata\local\temp
2011-02-09 18:14:52 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-09 18:06:31 -------- d-----w- C:\ComboFix
2011-02-09 17:22:12 98816 ----a-w- c:\windows\sed.exe
2011-02-09 17:22:12 89088 ----a-w- c:\windows\MBR.exe
2011-02-09 17:22:12 256512 ----a-w- c:\windows\PEV.exe
2011-02-09 17:22:12 161792 ----a-w- c:\windows\SWREG.exe
2011-02-09 14:43:05 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 14:43:05 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 14:43:04 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 14:43:02 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-03 14:54:04 388096 ----a-r- c:\users\lori\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-03 14:54:03 -------- d-----w- c:\program files\Trend Micro
2011-02-03 14:25:42 -------- d-----w- c:\windows\system32\catroot2(295)
2011-02-03 14:25:42 -------- d-----w- c:\windows\system32\catroot2
2011-02-01 20:53:57 -------- d-----w- c:\program files\iPod(164)
2011-02-01 20:53:57 -------- d-----w- c:\program files\iPod
2011-02-01 20:53:54 -------- d-----w- c:\program files\iTunes(165)
2011-02-01 20:53:54 -------- d-----w- c:\program files\iTunes
2011-02-01 16:37:39 -------- d-----w- C:\$RECYCLE(6).BIN
2011-01-26 15:46:12 -------- d-----w- C:\288b594930c641eac4
2011-01-21 17:09:59 -------- d-----w- c:\users\lori\appdata\local\Secunia PSI
2011-01-21 03:40:51 -------- d-----w- c:\users\lori\appdata\local\Mozilla
2011-01-20 19:54:04 -------- d-----w- c:\users\lori\appdata\roaming\Foxit Software
2011-01-18 18:44:27 -------- d-----w- c:\users\lori\appdata\local\QuickPlay

==================== Find3M ====================

2011-01-20 19:39:56 2989660 ----a-w- c:\progra~2\DVD.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-18 21:25:41 2864396 ----a-w- c:\progra~2\MPV.exe
2011-01-18 21:21:09 2331174 ----a-w- c:\progra~2\Karaoke.exe
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-11 04:14:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 10:58:08.77 ===============

______________________________________________________


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/03/2008 6:04:40 AM
System Uptime: 15/02/2011 10:02:20 AM (0 hours ago)

Motherboard: Quanta | | 30D2
Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 169.044 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.678 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel

Class GUID: {53d29ef7-377c-4d14-864b-eb3a85769359}
Description: AuthenTec Inc. AES2501A
Device ID: USB\VID_08FF&PID_2580\5&38A4DEE3&0&1
Manufacturer: AuthenTec
Name: AuthenTec Inc. AES2501A
PNP Device ID: USB\VID_08FF&PID_2580\5&38A4DEE3&0&1
Service: ATSwpWDF

==== System Restore Points ===================

RP1456: 15/02/2011 6:36:25 AM - Post HijackThis Fix

==== Installed Programs ======================

32 Bit HP CIO Components Installer
AceMoney Lite
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
AIO_Scan
Analyse-it for Microsoft Excel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Duplicate File Finder
AuthenTec Fingerprint Sensor Minimum Install
Bonjour
BufferChm
C5200
C5200_Help
CCleaner
Copy
CutePDF Writer 2.8
Defraggler
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Driver Detective
DVD Suite
ESET Online Scanner v3
eSupportQFolder
Fax
FileHippo.com Update Checker
Foxit Reader
Fund Manager
GPBaseService
GPBaseService2
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Driver Diagnostics
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 10.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Product Detection
HP Quick Launch Buttons 6.40 H2
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Solution Center 13.0
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 23
LabelPrint
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money 2005
Microsoft Office 2000 SR-1 Professional
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Moneydance 2010
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.13)
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NVIDIA Drivers
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PVSonyDll
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Registry First Aid
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Visual Basic for Applications 6.5 (KB974945)
SolutionCenter
Status
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
Vista Services Optimizer
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WeatherBug Gadget
WebReg
Windows Live Install Wizard
WinRAR archiver

==== Event Viewer Messages From Past Week ========

15/02/2011 6:24:40 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
15/02/2011 6:24:37 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
15/02/2011 6:24:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/02/2011 6:24:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
15/02/2011 6:24:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
15/02/2011 6:24:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
15/02/2011 6:23:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
15/02/2011 6:23:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/02/2011 6:23:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
14/02/2011 8:32:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
14/02/2011 8:32:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
14/02/2011 8:25:39 AM, Error: EventLog [6008] - The previous system shutdown at 8:23:48 AM on 14/02/2011 was unexpected.
14/02/2011 8:16:02 AM, Error: EventLog [6008] - The previous system shutdown at 8:13:31 AM on 14/02/2011 was unexpected.
14/02/2011 7:54:22 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
13/02/2011 6:55:27 AM, Error: EventLog [6008] - The previous system shutdown at 6:53:19 AM on 13/02/2011 was unexpected.
13/02/2011 6:35:07 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
11/02/2011 12:25:44 PM, Error: EventLog [6008] - The previous system shutdown at 12:22:32 PM on 11/02/2011 was unexpected.
11/02/2011 12:04:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIRON SYMTDIv tdx Wanarpv6
11/02/2011 12:03:32 PM, Error: EventLog [6008] - The previous system shutdown at 12:01:44 PM on 11/02/2011 was unexpected.
11/02/2011 11:46:57 AM, Error: EventLog [6008] - The previous system shutdown at 11:45:03 AM on 11/02/2011 was unexpected.
09/02/2011 12:13:49 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
09/02/2011 10:14:35 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} to the user Lori-PC\Lori SID (S-1-5-21-3086198521-800258848-3831315664-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
08/02/2011 10:29:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

==== End Of File ===========================

#23 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 15 February 2011 - 07:28 PM

The logs look clean now. What is the status of DigitalPersona? Did you uninstall the whole thing and the folder in Program Files? What are you keeping/uninstalling? Re-enable everything, uninstall what you need to, run a fresh OTL with everything enabled, then I can script out any leftovers.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#24 lmacri

lmacri

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 15 February 2011 - 09:06 PM

Hi CatByte:

The Secunia PSI software is currently uninstalled and there are no residual files in C:\Program Files\Secunia.

Is it okay to re-install NIS 2011 at this point? As long as I don't have any malware on my system and I have my Microsoft updates being delivered by Windows Update (which appears fixed now), I'm happy to leave Secunia PSI 2.0 off my system for now and re-install a later release after they've fixed a few more bugs in the software.

Also, do I have to reset the Hosts file again using OTL per your instructions in message # 18 or use the MS FixIT tool at http://support.microsoft.com/kb/972034 to reset the contents? According to this MS Support article the contents of the Hosts file should look like this for Vista:

127.0.0.1 localhost
::1 localhost

Right now the only entry I have in my Hosts file (see attached .txt file) is:

::1 localhost

--------
Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.50.1.1100 * DigitalPersona Personal v. 4.11.3826
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

--------

Attached Files



#25 CatByte


Posted 15 February 2011 - 09:23 PM

Yes, use the FixIt tool on that page; that should do it. Are you getting any more error messages on startup? If not, then we can clean up our tools.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015



#26 lmacri


Posted 16 February 2011 - 11:22 AM

Hi Catbyte:

I think I have some very bad news.

I ran the MS FixIT tool from http://support.microsoft.com/kb/972034 and it was able to rename the old Hosts file to Hosts.old, but when I checked C:\Windows\System32\drivers\etc there was no new Hosts file created.

So I tried to create a new Hosts file manually as instructed on the MS FixIT tool, but I can't create a new file in this folder because the Administrators group only has Special permissions and is not allowed to read or write files in this folder.

The permissions on both the C:\Windows\ and C:\Program Files folders are as follows:

CREATOR OWNER, SYSTEM, and Administrators: Special permissions only
Users: Read & execute, List folder contents, and Read
TrustedInstaller: List folder contents, Special permissions

This goes back to my original post and concerns about file/folder permissions. I don't see how my system can operate properly if the SYSTEM group doesn't have read or write permissions for my C:\Windows\ folder. It could also explain why HijackThis was throwing a warning that the System was denying write access to the Hosts file in Normal mode (see attached .JPG) and why I've been having so much grief uninstalling software from my system for the past year or so. I don't recall seeing any errors when I upgraded to Vista SP2 via Windows Update back in May of 2009 shortly after I bought my laptop, but if the folder permissions are wrong then this may be a very old problem.

On the bright side, HijackThis is no longer throwing a warning now that the Hosts file has disappeared. :D
--------
Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.50.1.1100
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

Attached Images

  • lmacri_HijackThis_Hosts_File_Warning_03_Feb_2011.jpg

Edited by lmacri, 16 February 2011 - 11:26 AM.


#27 CatByte


Posted 16 February 2011 - 03:11 PM

Let's try resetting all the permissions back to default

You will need to run the ‘Subinacl Tool’ to reset the permissions to default.
Please do the following:
  • Download subinacl.msi from the following link, and save it to your desktop.
    http://www.microsoft...finityDownloads
  • Now, double-click subinacl.msi to install the tool.
  • Select C:\Windows\System32 as the destination folder for the installation.
    (Note: This step assumes that Windows is installed in C:\Windows. If Windows is installed elsewhere, select the appropriate path to .\System32.)
  • Open Notepad.
  • Copy the following commands inside the code box, then paste them into the opened Notepad window.
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f 
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f 
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f 
    subinacl /subdirectories %SystemDrive% /grant=administrators=f 
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f 
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f 
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f 
    subinacl /subdirectories %SystemDrive% /grant=system=f
  • Now click File, Save As, and then type: reset.cmd
  • Click Save as type, and then select All Files (*.*).
  • Save the reset.cmd file to your desktop, and close Notepad.
  • Double-click the reset.cmd file to reset the Windows permissions.
    Note: This step may take several minutes, so please be patient. When the permissions have been reset, you will be prompted with "Finished, press any key to continue."
  • Press any key to complete the installation.
Check if you now have the right permissions to all the folders for all users.

For more information you may check the article given below.
http://support.microsoft.com/kb/968003

Now re-run OTL and post a fresh log, and I'll fix the Hosts file with OTL afterwards.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
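
One read-only way to carry out the permissions check requested in the post above, added here as an example and not part of any post in this thread. The Security tab's "Special permissions" label does not say which rights or scope an entry has, so the script lists every access-control entry with both, then compares the Hosts file with the two default entries quoted earlier from the Microsoft article. The folder list and the function names are this example's own choices.

```powershell
# Added example (not from the thread): read-only audit, changes nothing.
# Run from an elevated PowerShell prompt so every ACL can be read.

# Folders named in the thread (this list is the example's own choice).
$folders = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\drivers\etc')
)

function Convert-Rights {
    param($Rights)
    # ACEs that carry generic rights print as bare numbers; name those bits.
    $raw = [int]$Rights
    $names = @()
    if ($raw -band 0x10000000) { $names += 'GENERIC_ALL' }
    if ($raw -band 0x20000000) { $names += 'GENERIC_EXECUTE' }
    if ($raw -band 0x40000000) { $names += 'GENERIC_WRITE' }
    if ($raw -band 0x80000000) { $names += 'GENERIC_READ' }
    if ($names.Count -eq 0) { return $Rights.ToString() }
    # Keep any specific rights that accompany the generic bits.
    $specific = $raw -band 0x0FFFFFFF
    if ($specific) {
        $names += ([System.Security.AccessControl.FileSystemRights]$specific).ToString()
    }
    return ($names -join '|')
}

function Get-AceReport {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        Write-Warning "Not found: $Path"
        return
    }
    foreach ($ace in (Get-Acl $Path).Access) {
        # Scope comes from the inheritance and propagation flags of the ACE.
        if ($ace.InheritanceFlags -eq 'None') {
            $scope = 'This folder only'
        } elseif ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) {
            $scope = 'Children only (not this folder)'
        } else {
            $scope = 'This folder and children'
        }
        New-Object PSObject -Property @{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType
            Rights    = (Convert-Rights $ace.FileSystemRights)
            Scope     = $scope
            Inherited = $ace.IsInherited
        }
    }
}

function Test-HostsFile {
    # Default active entries for Vista, as quoted in the thread from KB972034.
    $expected = @('127.0.0.1 localhost', '::1 localhost')
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (-not (Test-Path $hostsPath)) { return "MISSING: $hostsPath does not exist" }
    # Strip comments and collapse whitespace so only active entries are compared.
    $active = @(Get-Content $hostsPath |
        ForEach-Object { (($_ -replace '#.*$', '') -replace '\s+', ' ').Trim() } |
        Where-Object { $_ })
    $absent = @($expected | Where-Object { $active -notcontains $_ })
    $extra  = @($active | Where-Object { $expected -notcontains $_ })
    if ($absent.Count -eq 0 -and $extra.Count -eq 0) {
        return 'OK: only the default entries are active'
    }
    return "CHECK: missing [$($absent -join '; ')] unexpected [$($extra -join '; ')]"
}

$folders | ForEach-Object { Get-AceReport $_ } |
    Select-Object Path, Identity, Type, Rights, Scope, Inherited |
    Format-Table -AutoSize
Test-HostsFile
```

Saving the table before and after a permissions reset makes it possible to see exactly which entries the reset changed.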


#28 lmacri


Posted 16 February 2011 - 08:11 PM

Hi CatByte:

SubInACL doesn't appear to be working as expected. For example, the permissions on C:\Windows\System32 look okay but all the child subfolders below that (e.g., C:\Windows\System32\drivers) still appear to have only Special permissions for the Administrators group. I'm not sure if SubInACL actually worked and the permissions will be inherited in all the child subfolders or if something actually went wrong.

I disabled MBAM, right clicked on the reset.cmd file on the desktop and chose Run as Administrator. It runs correctly for about 5 minutes and appears to fail for only one key (HKLM\Software\Microsoft\Windows NT\Current Version\Perf.... sorry, couldn't see the rest of the path) and then pauses when it reaches the following line:

C:\Windows\System32 : 4 changes

Instead of prompting me with "Finished, press any key to continue.", it appears to loop back and run the entire batch file a second time (which is probably expected given the code in the file), reaches the same endpoint (i.e., C:\Windows\System32 : 4 changes) and the command prompt then closes by itself before it reports that it is finished.

I've always had problems running commands from the Command Prompt unless I run it with elevated Administrator privileges. Is it possible to open a Command Prompt with elevated permissions and then run reset.cmd from the command line to see if this works?
--------
Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.50.1.1100 * DigitalPersona Personal v. 4.11.3826
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS


#29 CatByte


Posted 16 February 2011 - 09:56 PM

Yes, give it a try

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#30 lmacri

lmacri

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 17 February 2011 - 07:09 AM

Hi CatByte:

Using an elevated command prompt didn't work either, even in Safe Mode. The only difference I can see is that the Command Prompt window didn't close itself, so I was able to get a screen shot for you (see attached .JPG).

I'm still getting the failure at HKLM\Software\Microsoft\Windows NT\Current Version\Perflib\... when reset.cmd is running, and the batch file seems to fail again while it's creating a new ace for nt authority\system on my desktop (whatever that means :) ). I don't know if the two issues with Windows NT are connected.

Did I make a mistake by changing to the C:\Users\Lori\Desktop directory first before running reset.cmd from the command line?
--------
Vista Home Premium 32-bit SP2 * IE 8 * Firefox 3.6.13 * MBAM v. 1.50.1.1100 * DigitalPersona Personal v. 4.11.3826
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

Attached Thumbnails

  • SubInACL_Command_Prompt_17_Feb_2011.jpg
