  1. #1
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    HiJackthis log file now what?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:47:40 AM, on 5/11/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    C:\Users\Owner\Downloads\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\Owner\Documents\Desktop\Desktop\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) -
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe

    --
    End of file - 8245 bytes

  2. #2
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4


    Hello abeachguy and Welcome to Help2go Spyware Help Forum

    Sorry for the delay!!


    My nick is Net_Surfer and I will be helping you with your malware issues. This may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at help2go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. Combofix, OTL and hijackthis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
    6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.
    Just because you can't see a problem doesn't mean it isn't there.)

    If you can do these things, everything should go smoothly!

    Download >> ToolBar S&D <-- here
    • Double-click ToolBar S&D.exe
    • Choose the language and hit Enter key, then choose Option 2 (Fix) and hit Enter key again.
    • Wait till the end of the scan

    Copy and paste the log which was created: (%SystemDrive%\TB.txt)

    Next...


    We will use ComboFix

    Please download and run ComboFix:
    • A few notes first:

      Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AVs target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover.

    • ComboFix is compatible exclusively with XP and W2K (32-bit only) <===> Vista and Windows 7 (32-bit and 64-bit)
    • ComboFix must be run from an Administrative account.
    • Vista and W7 users - Right click, choose "Run as Administrator"
    • It must be downloaded to and run from your desktop.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (see below)
    • ComboFix Guide <---please read!

      Download ComboFix from one of these locations:

      from Link #1

      Alternate link

      Alternate link #2

    • Double click on ComboFix.exe & follow the prompts.
    • Note: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    • Note: If you have SP3, use the SP2 package.

      If Vista or Windows 7, skip the Recovery Console part
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


      Notes:
    • 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    • 3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
      Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.
    • 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
      If a reboot doesn't restore your connection, please try this:
      Check HERE
      For XP systems download and run WinSockFix and Here

      Vista users: Check HERE

      Windows 7 systems: Download and run this Winsockfix.bat
    • 5. Give ComboFix at least 20-30 minutes to finish if needed.
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!

  3. #3
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    Combo Fix Log

    ComboFix 11-05-14.01 - Owner 05/14/2011 16:49:41.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2044.1192 [GMT -7:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-14 23:26 . 2011-05-14 23:33 -------- d-----w- C:\ToolBar SD
    2011-05-13 05:47 . 2011-04-18 16:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA770CBC-0FD1-4DDB-84C0-2B56C972B328}\mpengine.dll
    2011-05-11 23:29 . 2011-05-11 23:29 -------- d-----w- c:\program files\ToniArts
    2011-05-11 18:02 . 2010-05-21 19:11 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
    2011-05-11 18:02 . 2011-05-14 20:10 -------- d-----w- c:\program files\MyDefrag v4.3.1
    2011-05-11 18:02 . 2010-05-21 19:11 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
    2011-05-11 10:43 . 2011-05-11 10:43 -------- d-----w- c:\windows\en
    2011-05-11 10:42 . 2010-09-23 07:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-05-11 10:40 . 2011-05-11 10:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-05-11 10:35 . 2011-05-11 10:43 -------- d-----w- c:\program files\Windows Live
    2011-05-11 10:32 . 2011-05-11 10:32 -------- d-----w- c:\users\Owner\AppData\Local\Windows Live
    2011-05-11 10:32 . 2011-05-11 10:32 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-05-11 10:22 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-05-10 15:21 . 2011-05-10 15:21 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2011-05-10 15:21 . 2011-05-10 15:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-05-10 15:15 . 2011-05-10 15:15 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2011-05-10 15:14 . 2011-05-10 15:14 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-10 15:14 . 2011-05-12 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-10 13:24 . 2011-05-10 14:15 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2011-05-10 13:24 . 2011-05-10 16:42 -------- d-----w- c:\program files\Google
    2011-05-10 05:01 . 2011-05-11 07:45 -------- d-----w- c:\programdata\STOPzilla!
    2011-05-10 02:01 . 2011-05-10 02:01 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
    2011-05-10 02:01 . 2011-05-10 02:01 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-05-09 18:11 . 2011-05-09 18:11 -------- d-----w- c:\users\Owner\AppData\Local\ProfileSong
    2011-05-09 17:45 . 2011-05-09 18:29 -------- d-----w- c:\programdata\Trend Micro
    2011-05-09 12:48 . 2011-05-09 12:48 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
    2011-05-09 12:48 . 2011-05-09 12:48 -------- d-----w- c:\users\Owner\AppData\Roaming\ParetoLogic
    2011-05-09 12:48 . 2011-05-09 18:41 -------- d-----w- c:\programdata\ParetoLogic
    2011-05-09 12:32 . 2011-05-09 12:32 -------- d-----w- C:\inetpub
    2011-05-09 11:47 . 2011-05-09 11:47 -------- d-----w- c:\programdata\FileCure
    2011-05-09 09:16 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-05-09 09:10 . 2011-05-09 09:10 -------- d-----w- c:\windows\system32\SRSLabs
    2011-05-09 07:27 . 2011-05-09 07:27 -------- d-----w- c:\programdata\Symantec
    2011-05-04 07:58 . 2011-05-09 18:38 -------- d-----w- c:\users\Owner\AppData\Local\Conduit
    2011-05-03 08:55 . 2011-05-03 08:55 -------- d-----w- c:\windows\system32\Adobe
    2011-05-02 22:55 . 2011-05-03 08:52 -------- d-----w- c:\windows\system32\drivers\NIS\1206000.01D
    2011-04-29 02:01 . 2011-04-29 02:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Tific
    2011-04-28 10:40 . 2011-04-28 10:40 -------- d-----w- C:\4b2591ed7881c18a01938134
    2011-04-27 10:45 . 2011-04-27 10:45 -------- d-----w- c:\users\Owner\AppData\Local\Linksys_LLC_-_A_Division_
    2011-04-27 10:43 . 2011-04-27 10:45 -------- d-----w- c:\programdata\Linksys
    2011-04-27 10:41 . 2011-05-11 10:42 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-04-27 10:39 . 2011-04-30 22:15 -------- d-----w- c:\program files\Linksys
    2011-04-27 06:23 . 2011-05-12 00:12 -------- d-----w- c:\program files\Microsoft
    2011-04-27 06:23 . 2011-04-28 10:43 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-04-27 06:21 . 2011-05-11 07:45 -------- d-----w- c:\users\Owner\AppData\Roaming\HpUpdate
    2011-04-27 03:04 . 2011-04-27 03:04 -------- d-----w- c:\users\Owner\AppData\Local\Electronic_Arts_Inc
    2011-04-27 03:01 . 2011-04-27 03:02 -------- d--h--w- c:\windows\msdownld.tmp
    2011-04-26 22:11 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-26 22:11 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-26 22:11 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-26 14:24 . 2011-04-27 06:51 -------- d-----w- c:\users\Owner\AppData\Local\HP
    2011-04-26 14:23 . 2010-06-14 20:43 264552 ----a-w- c:\windows\system32\hpinksts9311LM.dll
    2011-04-26 14:14 . 2008-01-21 02:23 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
    2011-04-24 21:50 . 2011-05-09 06:27 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-04-24 21:49 . 2011-04-24 21:49 -------- d-----w- c:\users\Owner\AppData\Local\PunkBuster
    2011-04-24 21:09 . 2011-04-27 00:25 -------- d-----w- c:\programdata\GameTap Web Player
    2011-04-24 21:09 . 2010-10-12 02:08 819200 ----a-w- c:\windows\system32\GameTapWebPlayer_4_4_0_7.ocx
    2011-04-24 10:59 . 2011-04-24 10:59 138056 ----a-w- c:\users\Owner\AppData\Roaming\PnkBstrK.sys
    2011-04-24 10:44 . 2011-04-24 10:44 -------- d-----w- c:\program files\EA Games
    2011-04-22 19:09 . 2011-04-22 19:14 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft Games
    2011-04-22 12:22 . 2011-04-22 12:22 -------- d-----w- c:\users\Owner\AppData\Local\IsolatedStorage
    2011-04-21 02:01 . 2011-04-21 02:01 14392 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
    2011-04-21 02:01 . 2011-04-21 02:01 35896 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
    2011-04-16 17:05 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-16 17:05 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-16 17:05 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-04-16 17:05 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-04-16 17:05 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-16 17:05 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-16 17:05 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-16 17:05 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-04-16 17:04 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-04-16 17:04 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-16 17:04 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-16 17:04 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-16 17:04 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-16 17:04 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-16 17:04 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-11 10:35 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-02 22:56 . 2011-01-20 09:56 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-04-21 02:01 . 2008-03-27 20:12 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
    2011-04-21 02:01 . 2008-03-19 00:24 26168 ----a-w- c:\windows\system32\hpservice.exe
    2011-04-21 02:01 . 2008-04-17 17:50 16952 ----a-w- c:\windows\system32\accelerometerdll.DLL
    2011-03-03 15:40 . 2011-04-26 22:11 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-26 22:11 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-26 22:11 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-26 22:11 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-22 14:13 . 2011-04-04 05:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 13:33 . 2011-04-04 05:55 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-22 13:33 . 2011-04-04 05:55 797696 ----a-w- c:\windows\system32\FntCache.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [2011-04-15 802936]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110513.001\IDSvix86.sys [2011-03-14 353912]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-04-21 26168]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-17 c:\windows\Tasks\HPCeeScheduleForOwner.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-01 03:03]
    .
    2011-05-14 c:\windows\Tasks\Norton Internet Security - Owner - Full System Scan.job
    - c:\program files\Norton Internet Security\Engine\18.6.0.29\navw32.exe [2011-05-02 00:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mWindow Title =
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{981E53BA-6DF4-4D99-8C33-6C398F5C139E} - (no file)
    HKCU-Run-HijackThis startup scan - c:\users\Owner\Documents\Desktop\Desktop\HijackThis.exe
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-05-14 17:30
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-05-14 17:33:52
    ComboFix-quarantined-files.txt 2011-05-15 00:33
    .
    Pre-Run: 157,152,641,024 bytes free
    Post-Run: 157,096,902,656 bytes free
    .
    - - End Of File - - 2A17CADD0854BCA7FCC9D2CAD3D0784A

  4. #4
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    TB.txt log file

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz )
    BIOS : Default System BIOS
    USER : Owner ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:222 Go (Free:145 Go)
    D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( Sun 05/15/2011| 7:38 )

    [ UAC => 1 ]

    -----------\\ Searching for Files - Folders ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.google.com/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.msn.com/"
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Local Page"="C:\\Windows\\System32\\blank.htm"


    --------------------\\ Searching for other infections


    No other infections found !

    [ UAC => 1 ]


    1 - "C:\ToolBar SD\TB_1.txt" - Sat 05/14/2011|16:29 - Option : [2]
    2 - "C:\ToolBar SD\TB_2.txt" - Sat 05/14/2011|16:33 - Option : [2]
    3 - "C:\ToolBar SD\TB_3.txt" - Sun 05/15/2011| 7:39 - Option : [2]

    -----------\\ Scan completed at 7:39:12.64


  6. #6
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Default

    Hello again

    Please read on and take a note:

    ------------------***-----------------
    Registry Tweaks Warning!

    Please see this link ---> Here

    I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools

    They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.

    The following is referring to < Reg Cure >.

    Please be aware that Help2Go staff do not recommend the usage of registry cleaners / tools due to the following facts:
    • Registry tools can cause irreparable damage to your Operating System
    • Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    • The point we are trying to make is that the risk of using one far outweighs any benefit.
    • If it does work perfectly you will not see any difference
      If it doesn't work properly you may end up with an expensive doorstop.
    • Registry tools can, as a result of the above, render your pc to be inoperable.
    This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
    If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

    Registry cleaners should be used with caution, and always back up your registry before deleting what it says are invalid entries.
    Be careful you do not overclean your Registry and come to regret it. What's called invalid may be what your system needs to run correctly.


    Please read this blog by: miekiemoes. Link
    ----------------------------^-------------------------------

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.

    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    Let's start cleaning and securing your computer.


    Step 1.

    Important Note: Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system.

    Microsoft: ‘Unprecedented Wave of Java Exploitation’
    Drive-by Trojan preying on out-of-date Java installations
    Ghosts of Java Haunt Users

    Please follow these steps to remove older version Java components and update:

    Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    Look for "Java Platform, Standard Edition".
    Click the "Download JRE" button to the right.
    Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
    Select your Language: "Multi-language".
    Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
    Click Continue and the page will refresh.
    Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    Close any programs you may have running - especially your web browser.


    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

    Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
    If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    When the Java Setup - Welcome window opens, click the Install > button.
    If offered to install a Toolbar, just uncheck the box before continuing unless you want it.


    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:

    Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    Click Ok and reboot your computer.

    Step 2.

    Clear the Java cache:

    Go to Start -> Control Panel.
    In the Control Panel, double-click the Java icon.
    The Java Control Panel appears.
    Click Settings... under "Temporary Internet Files".
    The Temporary Files Settings dialog box appears.
    Click Delete Files...
    The Delete Temporary Files dialog box appears.
    Click OK on the Delete Temporary Files window.
    NOTE: This deletes all the Downloaded Applications and Applets from the cache!
    Click OK on the Temporary Files Settings window.
    Close the Java Control Panel.

    You can also view these instructions along with screenshots here.

    Step 3.

    Malwarebytes' Anti-Malware

    Please download >> Malwarebytes Anti-Malware << and save it to your desktop.

    Mirror Link 1
    Mirror Link 2

    Note: If you already have Malwarebytes' Anti-Malware, just update first then run it.
    • Warning: MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs <--Click to see the list or permit them to allow the changes.
      • Make sure you are connected to the Internet.
      • Double-click on mbam-setup.exe to install the application.
        For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
      • When the installation begins, follow the prompts and do not make any changes to default settings.
      • When installation has finished, make sure you leave both of these checked:
        o Update Malwarebytes' Anti-Malware
        o Launch Malwarebytes' Anti-Malware
      • Then click Finish.

        MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
      • If you encounter any problems while downloading the definition updates, manually download them from >> HERE << and just double-click on mbam-rules.exe to install.

        On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.

        Back at the main Scanner screen:
      • Click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad.
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
      • Exit MBAM when done.


    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

    If it won't run in normal mode, then run it in safe mode.
    ===================

    Step 4.
    • Download: >>> OTL by Old Timer <<< to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.

    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.


    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    =========

    Summary of the logs I will need in your next reply:
    • MBAM log.
    • The TWO report logs of OTL.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Again, Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer
    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
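
One way to confirm that Step 1 above left no older Java runtime behind, as an added example that is not part of Net_Surfer's post: it reads the same uninstall entries that Programs and Features lists and flags anything older than the JRE 6 Update 25 build named in the post. The function name `Get-JavaInstall` and the assumed `DisplayName` shapes ("Java(TM) 6 Update 5", "J2SE Runtime Environment 5.0 Update 6") are assumptions of this example.

```powershell
# Added example: audit the uninstall registry entries for Java runtimes older
# than the build installed in Step 1 (jre-6u25-windows-i586.exe).
$TargetMajor  = 6
$TargetUpdate = 25

# Programs and Features is populated from these keys. The WOW6432Node path only
# exists on 64-bit Windows and holds 32-bit installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed DisplayName shapes: "Java(TM) 6 Update 5",
# "J2SE Runtime Environment 5.0 Update 6".
# The \b after "Java" keeps unrelated products such as JavaFX out of the result.
$NamePattern = '^(?:Java\b|J2SE\b).*?\b(\d+)(?:\.\d+)?(?: Update (\d+))?'

function Get-JavaInstall {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.DisplayName -and $_.DisplayName -match $NamePattern) {
                $major  = [int]$Matches[1]
                # A base release has no " Update N" suffix; treat it as update 0.
                $update = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
                $outdated = ($major -lt $TargetMajor) -or (($major -eq $TargetMajor) -and ($update -lt $TargetUpdate))
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Major           = $major
                    Update          = $update
                    Outdated        = $outdated
                    UninstallString = $_.UninstallString
                }
            }
        }
}

$installs = @(Get-JavaInstall | Sort-Object Major, Update)
$installs | Format-Table Name, Major, Update, Outdated -AutoSize

$stale = @($installs | Where-Object { $_.Outdated })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) older Java runtime(s) still registered; remove them in Programs and Features:"
    $stale | ForEach-Object { Write-Warning "  $($_.Name)" }
} else {
    Write-Output 'No Java runtime older than the target update is registered.'
}
```

The script only reports; removal still goes through the uninstaller as described in Step 1.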

  7. #7
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    Post First scan with Malwarebytes

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6592

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19048

    5/16/2011 10:56:30 AM
    mbam-log-2011-05-16 (10-56-30).txt

    Scan type: Quick scan
    Objects scanned: 151075
    Time elapsed: 4 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  8. #8
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    Post MBAM Log, OTL Log & Extras Log

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6592

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19048

    5/16/2011 6:15:08 PM
    mbam-log-2011-05-16 (18-15-08).txt

    Scan type: Quick scan
    Objects scanned: 151061
    Time elapsed: 3 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)







    OTL logfile created on: 5/16/2011 5:21:52 PM - Run 3
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.63 Gb Total Space | 161.93 Gb Free Space | 72.74% Space Free | Partition Type: NTFS
    Drive D: | 10.25 Gb Total Space | 1.69 Gb Free Space | 16.47% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/16 16:44:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2009/07/21 22:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/07/21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
    PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
    PRC - [2008/02/12 13:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
    PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/16 16:44:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
    SRV - [2010/04/21 10:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/04/21 10:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/07/21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
    SRV - [2009/04/11 00:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/03/26 15:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/02/12 13:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/20 19:01:48 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2011/04/20 19:01:30 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/07/21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/01/20 07:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/05/22 20:29:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/04/01 04:14:10 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/01/24 06:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
    DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/01 01:38:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\


    O1 HOSTS File: ([2011/05/16 02:10:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Owner\Pictures\Misc Graphics\bluemoon2withtext.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\Misc Graphics\bluemoon2withtext.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/01 01:13:15 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0
    MsConfig - State: "bootini" - 0

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/16 16:44:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/05/16 12:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/05/16 12:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/05/16 12:50:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/05/16 12:50:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/05/16 12:50:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/05/16 12:50:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/05/16 12:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/05/16 12:42:24 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Owner\Desktop\jre-6u25-windows-i586.exe
    [2011/05/16 10:50:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/16 10:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/16 10:50:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/16 10:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/16 02:24:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/16 02:24:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/16 02:24:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2011/05/16 01:53:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/15 20:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/05/15 20:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/05/15 19:21:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    [2011/05/15 19:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/05/15 17:53:57 | 000,000,000 | ---D | C] -- C:\OESISDiagnose
    [2011/05/15 17:48:44 | 000,000,000 | R--D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/05/14 16:46:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/14 16:46:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/14 16:46:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/14 16:46:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/14 16:44:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/14 16:26:09 | 000,000,000 | ---D | C] -- C:\ToolBar SD
    [2011/05/11 16:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
    [2011/05/11 16:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/05/11 03:32:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Windows Live
    [2011/05/11 03:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2011/05/10 08:21:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2011/05/10 08:15:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2011/05/10 07:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2011/05/10 06:24:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
    [2011/05/10 06:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/05/10 01:58:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/05/09 22:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
    [2011/05/09 19:01:00 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2011/05/09 19:01:00 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
    [2011/05/09 11:11:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ProfileSong
    [2011/05/09 11:11:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ConduitEngine
    [2011/05/09 10:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
    [2011/05/09 05:48:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2011/05/09 05:48:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ParetoLogic
    [2011/05/09 05:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2011/05/09 05:32:10 | 000,000,000 | ---D | C] -- C:\inetpub
    [2011/05/09 04:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
    [2011/05/09 03:01:33 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop
    [2011/05/09 02:16:51 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
    [2011/05/09 02:10:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
    [2011/05/09 00:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2011/05/06 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2011/05/04 00:58:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Conduit
    [2011/05/03 01:55:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
    [2011/04/28 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Tific
    [2011/04/28 03:41:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/04/28 03:40:15 | 000,000,000 | ---D | C] -- C:\4b2591ed7881c18a01938134
    [2011/04/28 03:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/04/27 03:45:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Linksys_LLC_-_A_Division_
    [2011/04/27 03:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Linksys
    [2011/04/27 03:41:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2011/04/27 03:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
    [2011/04/27 03:20:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
    [2011/04/26 23:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2011/04/26 23:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2011/04/26 23:21:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\HpUpdate
    [2011/04/26 20:04:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Electronic_Arts_Inc
    [2011/04/26 20:03:55 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
    [2011/04/26 20:03:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
    [2011/04/26 20:03:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
    [2011/04/26 20:03:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
    [2011/04/26 20:03:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
    [2011/04/26 20:03:54 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
    [2011/04/26 20:03:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
    [2011/04/26 20:03:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
    [2011/04/26 20:03:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
    [2011/04/26 20:03:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
    [2011/04/26 20:03:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
    [2011/04/26 20:03:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
    [2011/04/26 20:03:51 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
    [2011/04/26 20:03:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
    [2011/04/26 20:03:50 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
    [2011/04/26 20:03:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
    [2011/04/26 20:03:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
    [2011/04/26 20:03:49 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
    [2011/04/26 20:03:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
    [2011/04/26 20:03:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
    [2011/04/26 20:03:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
    [2011/04/26 20:03:49 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
    [2011/04/26 20:03:49 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
    [2011/04/26 20:03:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
    [2011/04/26 20:03:48 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
    [2011/04/26 20:03:48 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
    [2011/04/26 20:03:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
    [2011/04/26 20:03:48 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
    [2011/04/26 20:03:48 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
    [2011/04/26 20:03:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
    [2011/04/26 20:03:48 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
    [2011/04/26 20:03:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
    [2011/04/26 20:03:47 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
    [2011/04/26 20:03:47 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
    [2011/04/26 20:03:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
    [2011/04/26 20:03:44 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
    [2011/04/26 20:03:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
    [2011/04/26 20:03:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
    [2011/04/26 20:03:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
    [2011/04/26 20:03:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
    [2011/04/26 20:03:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
    [2011/04/26 20:03:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
    [2011/04/26 20:03:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
    [2011/04/26 20:03:42 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
    [2011/04/26 20:03:42 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
    [2011/04/26 20:03:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
    [2011/04/26 20:03:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
    [2011/04/26 20:03:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
    [2011/04/26 20:03:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
    [2011/04/26 20:03:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
    [2011/04/26 20:03:41 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
    [2011/04/26 20:03:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
    [2011/04/26 20:03:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
    [2011/04/26 20:03:40 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
    [2011/04/26 20:03:40 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
    [2011/04/26 20:03:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
    [2011/04/26 20:03:40 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
    [2011/04/26 20:03:39 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
    [2011/04/26 20:03:39 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
    [2011/04/26 20:03:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
    [2011/04/26 20:03:38 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
    [2011/04/26 20:03:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
    [2011/04/26 20:03:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
    [2011/04/26 20:03:38 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
    [2011/04/26 20:03:38 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
    [2011/04/26 20:03:37 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
    [2011/04/26 20:03:37 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
    [2011/04/26 20:03:37 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
    [2011/04/26 20:03:37 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
    [2011/04/26 20:03:37 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
    [2011/04/26 20:03:36 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
    [2011/04/26 20:03:35 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
    [2011/04/26 20:03:35 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
    [2011/04/26 20:03:35 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
    [2011/04/26 20:03:34 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
    [2011/04/26 20:03:34 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
    [2011/04/26 20:03:33 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
    [2011/04/26 20:03:32 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
    [2011/04/26 20:03:32 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
    [2011/04/26 20:03:32 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
    [2011/04/26 20:03:32 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
    [2011/04/26 20:03:31 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
    [2011/04/26 20:03:28 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
    [2011/04/26 20:03:28 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
    [2011/04/26 20:03:28 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
    [2011/04/26 20:03:28 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
    [2011/04/26 20:03:27 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
    [2011/04/26 20:03:27 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
    [2011/04/26 20:03:27 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
    [2011/04/26 20:03:26 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
    [2011/04/26 20:03:26 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
    [2011/04/26 20:01:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2011/04/26 15:14:22 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
    [2011/04/26 15:14:22 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
    [2011/04/26 15:14:22 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
    [2011/04/26 15:14:21 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
    [2011/04/26 15:14:21 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
    [2011/04/26 15:11:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2011/04/26 15:11:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2011/04/26 15:11:18 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011/04/26 07:24:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\HP
    [2011/04/26 07:23:11 | 000,264,552 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpinksts9311LM.dll
    [2011/04/24 14:49:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PunkBuster
    [2011/04/24 14:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\GameTap Web Player
    [2011/04/24 14:09:23 | 000,819,200 | ---- | C] (Metaboli) -- C:\Windows\System32\GameTapWebPlayer_4_4_0_7.ocx
    [2011/04/24 04:00:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Battlefield Play4Free
    [2011/04/24 03:59:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
    [2011/04/24 03:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
    [2011/04/22 12:09:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft Games
    [2011/04/22 05:22:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\IsolatedStorage
    [2011/04/20 19:01:54 | 000,014,392 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\HPMDPCoInst12.dll
    [2011/04/20 19:01:30 | 000,035,896 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\Accelerometer.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/16 16:44:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/05/16 16:26:06 | 000,000,457 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2011/05/16 16:25:52 | 000,094,059 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/05/16 16:25:51 | 000,094,059 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/05/16 16:24:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/16 16:24:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/16 16:24:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/16 16:23:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/05/16 12:50:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/05/16 12:50:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/05/16 12:50:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/05/16 12:50:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/05/16 12:42:30 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Owner\Desktop\jre-6u25-windows-i586.exe
    [2011/05/16 10:50:52 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/16 02:10:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/05/16 00:57:31 | 000,021,256 | -HS- | M] () -- C:\Users\Owner\AppData\Local\8yo32u74a4
    [2011/05/16 00:57:31 | 000,021,256 | -HS- | M] () -- C:\ProgramData\8yo32u74a4
    [2011/05/15 23:51:41 | 000,028,672 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/15 20:59:46 | 000,000,082 | ---- | M] () -- C:\Users\Owner\Documents\cc_20110515_205941.reg
    [2011/05/15 20:53:30 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/05/15 18:35:48 | 000,001,537 | ---- | M] () -- C:\Users\Owner\Desktop\Windows Explorer.lnk
    [2011/05/15 18:35:28 | 000,000,293 | ---- | M] () -- C:\Users\Owner\El - Shortcut.lnk
    [2011/05/15 17:40:09 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2011/05/15 09:00:12 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Owner - Full System Scan.job
    [2011/05/15 07:30:44 | 000,372,380 | ---- | M] () -- C:\Users\Owner\More files.htm
    [2011/05/14 23:09:03 | 000,653,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/05/14 23:09:03 | 000,118,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/05/13 13:15:17 | 000,723,019 | ---- | M] () -- C:\Users\Owner\Documents\index (2).dat
    [2011/05/12 16:59:56 | 000,369,616 | ---- | M] () -- C:\Users\Owner\Normal File Types.htm
    [2011/05/12 09:22:32 | 000,002,320 | ---- | M] () -- C:\{F95EB18C-2369-411D-97AE-0B5A97C9767A}
    [2011/05/11 19:55:25 | 000,000,943 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/11 03:53:11 | 000,402,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/05/11 03:27:26 | 001,782,350 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\Cat.DB
    [2011/05/11 01:21:24 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
    [2011/05/11 00:41:35 | 000,000,928 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/05/10 11:39:19 | 000,002,627 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
    [2011/05/10 03:30:23 | 000,139,725 | ---- | M] () -- C:\Users\Owner\Documents\faq_hijackthis_061509.pdf
    [2011/05/09 19:01:00 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2011/05/09 19:01:00 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
    [2011/05/09 00:08:36 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
    [2011/05/08 23:27:20 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
    [2011/05/06 00:11:01 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/05/06 00:11:00 | 000,000,964 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/04/28 20:29:05 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1206000.01D\isolate.ini
    [2011/04/28 19:48:51 | 000,409,011 | -HS- | M] () -- C:\Users\Owner\Documents\index.dat
    [2011/04/26 15:14:22 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
    [2011/04/26 15:14:22 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
    [2011/04/26 15:14:22 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
    [2011/04/26 15:14:21 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
    [2011/04/26 15:14:21 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
    [2011/04/24 03:59:45 | 000,138,056 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
    [2011/04/22 02:05:18 | 000,000,938 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/04/20 19:01:54 | 000,014,392 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\HPMDPCoInst12.dll
    [2011/04/20 19:01:48 | 000,025,656 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\hpdskflt.sys
    [2011/04/20 19:01:36 | 000,016,952 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\accelerometerdll.DLL
    [2011/04/20 19:01:30 | 000,035,896 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\Accelerometer.sys
    [2011/04/16 19:35:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/16 10:50:52 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/15 20:59:46 | 000,000,082 | ---- | C] () -- C:\Users\Owner\Documents\cc_20110515_205941.reg
    [2011/05/15 20:53:30 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/05/15 18:44:46 | 000,021,256 | -HS- | C] () -- C:\Users\Owner\AppData\Local\8yo32u74a4
    [2011/05/15 18:44:46 | 000,021,256 | -HS- | C] () -- C:\ProgramData\8yo32u74a4
    [2011/05/15 18:35:48 | 000,001,537 | ---- | C] () -- C:\Users\Owner\Desktop\Windows Explorer.lnk
    [2011/05/15 18:35:28 | 000,000,293 | ---- | C] () -- C:\Users\Owner\El - Shortcut.lnk
    [2011/05/15 07:30:44 | 000,372,380 | ---- | C] () -- C:\Users\Owner\More files.htm
    [2011/05/14 16:46:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/14 16:46:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/14 16:46:12 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/14 16:46:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/14 16:46:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/12 16:59:55 | 000,369,616 | ---- | C] () -- C:\Users\Owner\Normal File Types.htm
    [2011/05/12 09:22:32 | 000,002,320 | ---- | C] () -- C:\{F95EB18C-2369-411D-97AE-0B5A97C9767A}
    [2011/05/11 19:55:25 | 000,000,943 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/11 01:21:24 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
    [2011/05/11 00:41:28 | 000,000,928 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
    [2011/05/10 11:38:32 | 000,002,627 | ---- | C] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
    [2011/05/10 09:37:51 | 000,001,537 | ---- | C] () -- C:\Users\Owner\Windows Explorer.lnk
    [2011/05/10 09:37:25 | 000,001,896 | ---- | C] () -- C:\Users\Owner\Desktop\FreeCell.lnk
    [2011/05/10 03:30:23 | 000,139,725 | ---- | C] () -- C:\Users\Owner\Documents\faq_hijackthis_061509.pdf
    [2011/05/09 00:08:36 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
    [2011/05/08 08:48:56 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Owner - Full System Scan.job
    [2011/05/06 00:11:00 | 000,000,964 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/05/06 00:11:00 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/04/24 14:50:22 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
    [2011/04/24 14:09:23 | 000,000,297 | ---- | C] () -- C:\Windows\System32\GameTapWebPlayer_4_4_0_7.inf
    [2011/04/24 03:59:45 | 000,138,056 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
    [2011/04/22 02:05:18 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/01/15 08:15:09 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2010/11/30 22:52:53 | 000,000,322 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2010/11/20 11:40:37 | 000,028,672 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/18 20:13:55 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2010/11/17 08:43:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/11/17 08:42:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/11/17 08:42:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/11/16 09:54:31 | 000,094,059 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/11/16 09:54:30 | 000,094,059 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/07/01 01:28:04 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:47:37 | 000,402,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:33:01 | 000,653,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 03:33:01 | 000,118,928 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2011/05/09 05:48:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2011/05/09 05:48:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ParetoLogic
    [2011/01/15 08:15:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
    [2011/01/16 01:57:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
    [2011/01/15 20:59:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Super-Cow
    [2010/11/30 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
    [2011/04/28 19:01:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
    [2011/05/16 16:23:43 | 000,032,564 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
    [2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\drivers\AGP440.sys
    [2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
    [2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2008/01/20 19:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
    [2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009/04/11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/20 19:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\ERDNT\cache\cngaudit.dll
    [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
    [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

    < MD5 for: IASTOR.SYS >
    [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
    [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\System32\drivers\iaStor.sys
    [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys

    < MD5 for: IASTORV.SYS >
    [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\drivers\iaStorV.sys
    [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
    [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
    [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/04/11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2009/04/11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
    [2009/04/11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
    [2008/01/20 19:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
    [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\drivers\nvstor.sys
    [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
    [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 19:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
    [2009/04/11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2009/04/11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
    [2009/04/11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >





    OTL Extras logfile created on: 5/16/2011 5:21:52 PM - Run 3
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.63 Gb Total Space | 161.93 Gb Free Space | 72.74% Space Free | Partition Type: NTFS
    Drive D: | 10.25 Gb Total Space | 1.69 Gb Free Space | 16.47% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{282D2C7C-C292-42CE-BDD2-9DED70030065}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{2CAFEA8D-6612-404A-B6AA-A6321A737BD3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{74BB3596-6EF3-4175-B957-B43B276CEE59}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{AD7A971F-3FB1-4890-BB5C-4267890BBEEB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{C222E6FA-F542-4389-8D62-F580EE581522}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{E0321F69-0217-46DB-99E1-85C01A57B4B3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
    "{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
    "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
    "{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
    "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
    "{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
    "{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "CCleaner" = CCleaner
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WildTangent hp Master Uninstall" = My HP Games
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/16/2011 5:40:42 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/16/2011 5:49:15 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11719
    Description =

    Error - 5/16/2011 5:49:51 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11719
    Description =

    Error - 5/16/2011 6:16:25 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11719
    Description =

    Error - 5/16/2011 6:18:06 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11719
    Description =

    Error - 5/16/2011 6:37:36 AM | Computer Name = Owner-PC | Source = MsiInstaller | ID = 11719
    Description =

    Error - 5/16/2011 6:42:09 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/16/2011 1:44:29 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/16/2011 3:19:09 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/16/2011 5:19:53 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
    Description = Faulting application HpqSRmon.exe, version 10.0.0.202, time stamp
    0x46c64b4e, faulting module HpqSRmon.exe, version 10.0.0.202, time stamp 0x46c64b4e,
    exception code 0xc0000005, fault offset 0x000032db, process id 0xdd8, application
    start time 0x01cc140ef966027a.

    [ System Events ]
    Error - 5/16/2011 3:19:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/16/2011 3:19:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 5/16/2011 3:19:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 5/16/2011 5:19:09 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 2:17:12 PM on 5/16/2011 was unexpected.

    Error - 5/16/2011 5:20:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/16/2011 5:20:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 5/16/2011 5:20:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 5/16/2011 7:26:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/16/2011 7:26:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 5/16/2011 7:26:13 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >







    Thank you for being patient with me.

  9. #9
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    I think they forgot about me. Hope to find out what's up?

  10. #10
    Member
    Join Date
    May 2011
    Location
    Los Angeles County
    Posts
    11
    Points
    0

    How long does it take to review my logs? These were posted on the 16th and it's now the 23rd. It's hard being stuck in limbo with instructions not to do anything else until I was notified.

    I'm waiting patiently...
