Inactive Need help with gmer log

[tmoss]

Recently posted some problems I was having but got no responses...Talked to a couple of tech guys onm the phone and they think I have a rootkit... Avira, Malwarebytes, Microsoft malware, Kaspersky TSSD, all say I am clean...

Ran GMER and this is what came up...Not sure what it means..

MER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-29 21:42:05
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0085
Running: 1etlz9sz.exe; Driver: C:\Users\ADMINI~1.TMO\AppData\Local\Temp\fgloipoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 8CBDFA7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

 

[Broni]

Welcome aboard

GMER doesn't indicate any rootkit activity.

What are the problems?

 

[tmoss]

Windows Vista Ultimate...Lately I have had lots of strange things happening...First of all, I started losing permissions to run certain programs such as SuperAntispyware and Malwarebytes and I had not madeany changes to anything.... Eventually ran Microsoft Essentials, Microsoft Malware, and Avira, all said I was Clean...Tried to just look around in some system files (did not change anything) and got my account restricted with black screen...Anyway seems microsoft was changing things on my pc if that's possible... Long story short, I have access back to programs but when I go down to my connect to network icon it says status not available and also says the dependency or group could not be started...Can get online in safe mode, but with no sound...My back-up for Vista was loaded on D-drive and now I can't restore , also some functions such as in user accounts I can't click on any of the tasks... On services page A lot of the services say can't be started on local...A lot of services info has been changed and may be the culprit but not sure...Is there hope?

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[tmoss]

Logs

Here are the logs you requested and thank you for your help...Also not sure if this matters but when I lik on certain things I get"cannot find" %windir%\\system32\\rundll.exe

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8281

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/1/2011 12:59:07 AM
mbam-log-2011-12-01 (00-59-07).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 377230
Time elapsed: 47 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-01 02:21:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0085
Running: 976to6tz.exe; Driver: C:\Users\ADMINI~1.TMO\AppData\Local\Temp\fgloipoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3972] kernel32.dll!CreateThread + 1A 76CDCB48 4 Bytes CALL 004553F1 C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3972] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00455548] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)
IAT C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe[3972] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00455548] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (Advanced SystemCare 5 Tray/IObit)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

____________________________________________________-

 

[tmoss]

Logs continued

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Administrator at 2:29:27 on 2011-12-01
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.1373 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\google\google desktop search\GoogleDesktop.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\google\google desktop search\GoogleDesktop.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.4Loot.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080221
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\googledesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DellSupportCenter]
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 1 (0x1)
mPolicies-system: disableCAD = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{34620C71-3B3E-47CC-B5C0-C467306FDF63} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator.tmoss-pc\appdata\roaming\mozilla\firefox\profiles\wplzfdlp.default\
FF - prefs.js: browser.startup.homepage - www.4Loot.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
.
---- FIREFOX POLICIES ----
FF - user.js: accessibility.blockautorefresh - true
FF - user.js: app.update.auto - false
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1321938616
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1321938856
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1321938736
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1321963275
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.use_document_fonts - 0
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 2
FF - user.js: browser.privatebrowsing.autostart - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage_override.buildID - 20111104165243
FF - user.js: browser.startup.homepage_override.mstone - rv:8.0
FF - user.js: browser.urlbar.autocomplete.enabled - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: extensions.blocklist.pingCountTotal - 4
FF - user.js: extensions.blocklist.pingCountVersion - 4
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:5.0
FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1321144850386},\{cafeefac-0016-0000-0029-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0029-abcdeffedcba}\,\mtime\:1321631140430}}},{\name\:\app-profile\,\addons\:{\{fde3fee9-893e-4cc7-a814-60e0de7b2e01}\:{\descriptor\:\c:\\\\users\\\\administrator.tmoss-pc\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\wplzfdlp.default\\\\extensions\\\\{fde3fee9-893e-4cc7-a814-60e0de7b2e01}.xpi\,\mtime\:1321805383513}}}]
FF - user.js: extensions.lastAppVersion - 8.0
FF - user.js: extensions.lastPlatformVersion - 8.0
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: font.default.x-user-def - serif
FF - user.js: font.language.group - x-armn
FF - user.js: font.minimum-size.x-user-def - 12
FF - user.js: font.name.serif.x-western - Arial
FF - user.js: font.size.fixed.x-user-def - 14
FF - user.js: font.size.variable.x-user-def - 14
FF - user.js: general.skins.selectedSkin - Aeon_Clouds
FF - user.js: idle.lastDailyNotification - 1321940893
FF - user.js: intl.accept_languages - en-us
FF - user.js: intl.charset.default - armscii-8
FF - user.js: intl.charsetmenu.browser.cache - windows-1250, UTF-16, ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1321940893
FF - user.js: places.history.expiration.transient_current_max_pages - 64340
FF - user.js: plugin.disable_full_page_plugin_for_types -
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.language.disable_button.remove - false
FF - user.js: pref.browser.language.disable_button.up - false
FF - user.js: pref.downloads.disable_button.edit_actions - false
FF - user.js: pref.general.disable_button.default_browser - false
FF - user.js: pref.privacy.disable_button.view_passwords - false
FF - user.js: pref.privacy.disable_button.view_passwords_exceptions - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.OCSP.disable_button.managecrl - false
FF - user.js: security.disable_button.openCertManager - false
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1321450834
FF - user.js: toolkit.telemetry.prompted - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324395828
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.103 -
FF - user.js: xpinstall.whitelist.add.36 -
FF - user.js: browser.startup.homepage - www.4Loot.com
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-2-20 73728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-22 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-3 2255464]
S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 135664]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-22 490840]
.
=============== Created Last 30 ================
.
2011-12-01 05:18:23 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\Apple
2011-12-01 05:06:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 05:06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-01 04:59:30 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\roaming\Malwarebytes
2011-12-01 03:01:14 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\HP
2011-11-25 20:51:45 -------- d-----w- c:\windows\system32\NtmsData
2011-11-25 17:37:19 -------- d--h--w- c:\windows\PIF
2011-11-25 04:32:22 -------- d-----w- c:\programdata\Avira
2011-11-22 16:21:18 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-21 09:05:26 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\Microsoft Games
2011-11-20 12:42:51 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\roaming\PeerNetworking
2011-11-20 12:16:23 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\Adobe
2011-11-18 15:47:30 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\MediaDirect
2011-11-18 14:19:28 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\Microsoft Corporation
2011-11-18 09:29:54 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\Apple Computer
2011-11-17 19:16:52 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-11-16 14:48:29 -------- d-----w- c:\windows\pss
2011-11-13 00:28:53 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\Mozilla
2011-11-13 00:03:28 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\Google
2011-11-13 00:03:26 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\SupportSoft
2011-11-12 22:03:07 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\local\ArcSoft
2011-11-12 22:02:51 -------- d-----w- c:\users\administrator.tmoss-pc\appdata\roaming\IObit
2011-11-09 05:26:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 05:26:27 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:26:27 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 05:26:25 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-05 17:34:27 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-04 08:19:15 -------- d-----w- c:\program files\Windows Portable Devices
2011-11-04 07:00:59 839168 ----a-w- c:\windows\system32\drivers\umdf\WpdMtpDr.dll
2011-11-03 09:04:24 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-03 08:06:44 -------- d-----w- c:\program files\common files\Intel
2011-11-03 07:36:49 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-11-03 07:36:49 599144 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-03 07:36:49 309352 ----a-w- c:\windows\system32\nvhotkey.dll
2011-11-03 07:36:48 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-11-03 07:36:47 2558568 ----a-w- c:\windows\system32\nvsvc.dll
2011-11-03 07:36:46 3730024 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-03 07:36:46 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-03 07:36:07 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-03 07:25:12 6613096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-11-03 07:25:12 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-03 07:25:11 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-11-03 07:25:11 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-11-03 07:25:11 5404776 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-03 07:25:11 2412136 ----a-w- c:\windows\system32\nvapi.dll
2011-11-03 07:25:11 2391656 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-03 07:25:11 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-03 07:25:11 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-03 07:25:11 16595560 ----a-w- c:\windows\system32\nvoglv32.dll
2011-11-03 07:25:11 12636776 ----a-w- c:\windows\system32\nvd3dum.dll
2011-11-03 07:25:11 10304104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
.
==================== Find3M ====================
.
2011-11-18 15:45:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 18:44:39 40960 ----a-w- c:\windows\system32\cliconfg.rll
2011-10-04 18:43:28 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-10-04 18:40:46 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2011-10-04 18:40:45 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2011-10-04 18:40:45 200704 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2011-10-04 18:40:45 12288 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-10-04 18:40:43 40960 ----a-w- c:\windows\system32\drivers\amdk8.sys
2011-10-04 18:40:41 811008 ----a-w- c:\windows\system32\cximage.dll
2011-10-04 18:40:41 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
2011-10-04 18:38:55 573440 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-04 18:38:55 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-04 18:38:54 647168 ----a-w- c:\windows\system32\aestecap.dll
2011-10-04 18:38:54 131072 ----a-w- c:\windows\system32\aestacap.dll
2011-10-04 18:19:42 90112 ----a-w- c:\windows\CtDrvIns.exe
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 2:31:09.02 ===============

_____________________________________________________________________________________

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 2/20/2008 11:20:32 PM
System Uptime: 12/1/2011 2:27:43 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0XR509
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 1000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 136 GiB total, 85.427 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 2.232 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced SystemCare 5
Advanced Video FX Engine
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Browser Address Error Redirector
CCleaner
CCScore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Fingerprint Reader Suite 5.6
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1000 J110 series Basic Device Software
HP Update
Intel PROSet Wireless
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 29
Kodak EasyShare software
KODAK Share Button App
Malwarebytes' Anti-Malware version 1.51.2.1300
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
netbrdg
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 280.19
NVIDIA 3D Vision Driver 280.26
NVIDIA Control Panel 280.26
NVIDIA Graphics Driver 280.26
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.4.28
NVIDIA Update Components
OfotoXMI
OutlookAddinSetup
Product Documentation Launcher
QuickSet
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
staticcr
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Media Player Firefox Plugin
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
12/1/2011 2:32:26 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The system cannot find the file specified.
12/1/2011 2:30:29 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:30:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2011 2:30:29 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:30:28 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:29:47 AM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:29:46 AM, Error: Service Control Manager [7023] - The Application Information service terminated with the following error: The system could not find the environment option that was entered.
12/1/2011 2:29:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:29:46 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2011 2:29:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/1/2011 2:29:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/1/2011 2:29:45 AM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the COM+ System Application service to connect.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7001] - The Terminal Services Configuration service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7001] - The SL UI Notification Service service depends on the Network List Service service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The system cannot find the file specified.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:28:23 AM, Error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/1/2011 2:28:08 AM, Error: Microsoft-Windows-TaskScheduler [701] - Task Scheduler service failed to start Task Compatibility module. Tasks may not be able to register on previous Window versions. Additional Data: Error Value: 2147942526.
12/1/2011 2:26:04 AM, Error: Service Control Manager [7000] - The TPM Base Services service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
12/1/2011 2:24:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
12/1/2011 2:24:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2011 2:24:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/1/2011 2:24:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/1/2011 2:24:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/1/2011 2:24:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/1/2011 2:24:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/1/2011 2:24:24 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001DE0739EA3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/1/2011 1:43:10 AM, Error: EventLog [6008] - The previous system shutdown at 1:41:29 AM on 12/1/2011 was unexpected.
12/1/2011 1:26:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
11/30/2011 9:55:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr spldr ssmdrv Wanarpv6
11/30/2011 9:52:24 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Realtime Protection service which failed to start because of the following error: The operation completed successfully.
11/30/2011 10:32:44 PM, Error: VDS Dynamic Provider [10] - The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505
11/30/2011 10:31:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sdrsvc with arguments "" in order to run the server: {47135EEA-06B6-4452-8787-4A187C64A47E}
11/30/2011 10:11:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/30/2011 10:10:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/29/2011 8:31:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6 ws2ifsl
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2011 8:31:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/29/2011 8:29:59 PM, Error: EventLog [6008] - The previous system shutdown at 8:25:19 PM on 11/29/2011 was unexpected.
11/29/2011 7:56:18 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
11/29/2011 7:40:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IMF Service service to connect.
11/29/2011 7:40:13 PM, Error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/29/2011 6:41:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr SASDIFSV SASKUTIL spldr ssmdrv Wanarpv6
11/29/2011 3:40:02 PM, Error: Service Control Manager [7030] - The Avira Realtime Protection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/29/2011 3:25:50 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2011 5:45:10 PM, Error: EventLog [6008] - The previous system shutdown at 5:39:22 PM on 11/28/2011 was unexpected.
11/28/2011 4:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
11/28/2011 4:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/28/2011 3:48:58 PM, Error: Service Control Manager [7000] - The Function Discovery Provider Host service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
11/28/2011 3:40:17 PM, Error: Service Control Manager [7000] - The Thread Ordering Server service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
11/28/2011 3:39:28 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/28/2011 3:05:16 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
11/28/2011 12:28:29 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
11/27/2011 4:16:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
11/27/2011 3:58:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {AFD8EA5A-2B6E-4504-B681-C6E8BAD64BB6}
11/27/2011 3:33:47 PM, Error: Service Control Manager [7030] - The Computer Browser service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:33:12 PM, Error: Service Control Manager [7030] - The Net.Tcp Port Sharing Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:32:42 PM, Error: Service Control Manager [7030] - The WinHTTP Web Proxy Auto-Discovery Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:32:18 PM, Error: Service Control Manager [7030] - The Windows Backup service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:31:46 PM, Error: Service Control Manager [7030] - The Smart Card Removal Policy service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:31:19 PM, Error: Service Control Manager [7030] - The Remote Access Connection Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:31:01 PM, Error: Service Control Manager [7030] - The Remote Access Auto Connection Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:30:25 PM, Error: Service Control Manager [7030] - The Remote Registry service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:28:55 PM, Error: Service Control Manager [7030] - The SigmaTel Audio Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/27/2011 3:22:35 PM, Error: Service Control Manager [7038] - The SDRSVC service was unable to log on as .\Administrator with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/27/2011 3:22:35 PM, Error: Service Control Manager [7000] - The Windows Backup service failed to start due to the following error: The service did not start due to a logon failure.
11/27/2011 3:18:34 PM, Error: EventLog [6008] - The previous system shutdown at 3:16:11 PM on 11/27/2011 was unexpected.
11/27/2011 1:53:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
11/27/2011 1:52:16 PM, Error: Service Control Manager [7023] -
11/27/2011 1:52:16 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
11/27/2011 1:52:16 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
11/27/2011 1:46:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service sdrsvc with arguments "" in order to run the server: {47135EEA-06B6-4452-8787-4A187C64A47E}
11/27/2011 1:15:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/25/2011 5:21:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/25/2011 5:21:36 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2011 5:21:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/25/2011 5:19:54 PM, Error: Service Control Manager [7038] - The ALG service was unable to log on as .\Administrator with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/25/2011 5:19:54 PM, Error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
11/25/2011 4:56:42 PM, Error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
11/25/2011 4:56:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1079" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/25/2011 4:53:42 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
11/25/2011 4:38:21 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/25/2011 3:17:56 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
11/25/2011 3:15:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/25/2011 3:14:01 PM, Error: Service Control Manager [7038] - The ALG service was unable to log on as .\TMoss with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/25/2011 3:14:01 PM, Error: Service Control Manager [7001] - The SL UI Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/25/2011 3:13:46 PM, Error: EventLog [6008] - The previous system shutdown at 12:47:26 PM on 11/25/2011 was unexpected.
.
==== End Of File ===========================

 

[Broni]

You're not running any AV program.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan and report on any findings.

=============================================================

Uninstall Advanced SystemCare 5.
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

=============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[tmoss]

Axast says Everything is clean but Ade is blocked.., ..After running combo fix I can't click on anything without it saying the registry file is marked for deletion...

__________________________________________________________________________________

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 14:31:06
-----------------------------
14:31:06.370 OS Version: Windows 6.0.6002 Service Pack 2
14:31:06.371 Number of processors: 2 586 0xF0D
14:31:06.372 ComputerName: TMOSS-PC UserName:
14:31:52.993 Initialize success
14:31:53.299 AVAST engine defs: 11120401
14:32:12.166 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:32:12.168 Disk 0 Vendor: FUJITSU_ 0085 Size: 152627MB BusType: 3
14:32:12.182 Disk 0 MBR read successfully
14:32:12.184 Disk 0 MBR scan
14:32:12.187 Disk 0 Windows VISTA default MBR code
14:32:12.192 Disk 0 scanning sectors +312578048
14:32:12.265 Disk 0 scanning C:\Windows\system32\drivers
14:32:20.317 Service scanning
14:32:20.883 Modules scanning
14:32:21.125 Disk 0 trace - called modules:
14:32:21.170 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:32:21.173 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85963ac8]
14:32:21.176 3 CLASSPNP.SYS[883ce8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a03030]
14:32:21.715 AVAST engine scan C:\Windows
14:32:23.957 AVAST engine scan C:\Windows\system32
14:33:58.471 AVAST engine scan C:\Windows\system32\drivers
14:34:07.425 AVAST engine scan C:\Users\Administrator.TMoss-PC
14:34:35.848 AVAST engine scan C:\ProgramData
14:34:59.544 Scan finished successfully
14:39:31.764 Disk 0 MBR has been saved successfully to "C:\Users\Administrator.TMoss-PC\Desktop\MBR.dat"
14:39:32.012 The log file has been saved successfully to "C:\Users\Administrator.TMoss-PC\Desktop\aswMBR.txt"


________________________________________________________________________




ComboFix 11-12-04.03 - Administrator 12/04/2011 14:59:10.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2045.888 [GMT -5:00]
Running from: c:\users\Administrator.TMoss-PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents.lnk
c:\programdata\Roaming
c:\users\TMoss\{96742679-5970-43C1-98B0-2776BDDFEA29}.tmp
c:\users\TMoss\{DD5CC897-60C5-448D-9192-8B7E10017E3D}.tmp
c:\users\TMoss\~DF14CC.tmp
c:\users\TMoss\~DF51F0.tmp
c:\users\TMoss\~DF52FB.tmp
c:\users\TMoss\~DF58B1.tmp
c:\users\TMoss\~DF6607.tmp
c:\users\TMoss\~DF7579.tmp
c:\users\TMoss\~DFABBA.tmp
c:\users\TMoss\~DFC262.tmp
c:\users\TMoss\~DFE03B.tmp
c:\users\TMoss\~DFE189.tmp
c:\users\TMoss\~DFF2FA.tmp
c:\users\TMoss\34B.tmp
c:\users\TMoss\DMI29D7.tmp
c:\users\TMoss\E2D0.tmp
c:\users\TMoss\F871.tmp
c:\users\TMoss\install_flashplayer11x32_mssd_aih.exe
c:\users\TMoss\install_flashplayer11x32_mssd_aih_1.exe
c:\users\TMoss\tmp1279.tmp
c:\users\TMoss\tmp1815.tmp
c:\users\TMoss\tmp2057.tmp
c:\users\TMoss\tmp2AED.tmp
c:\users\TMoss\tmp30AE.tmp
c:\users\TMoss\tmp3AF5.tmp
c:\users\TMoss\tmp4C03.tmp
c:\users\TMoss\tmp5393.tmp
c:\users\TMoss\tmp5B28.tmp
c:\users\TMoss\tmp6221.tmp
c:\users\TMoss\tmp67F.tmp
c:\users\TMoss\tmp822A.tmp
c:\users\TMoss\tmp94EF.tmp
c:\users\TMoss\tmpACA0.tmp
c:\users\TMoss\tmpD25F.tmp
c:\users\TMoss\tmpED9B.tmp
c:\users\TMoss\tmpFC4D.tmp
c:\users\TMoss\tmpFF5E.tmp
c:\users\TMoss\wbk1293.tmp
c:\users\TMoss\wbk1A5C.tmp
c:\users\TMoss\wbk1F26.tmp
c:\users\TMoss\wbk3DA6.tmp
c:\users\TMoss\wbk7227.tmp
c:\users\TMoss\wbk734E.tmp
c:\users\TMoss\wbk7CCF.tmp
c:\users\TMoss\wbkCFCF.tmp
c:\users\TMoss\wbkF646.tmp
c:\windows\system32\config\systemprofile\GUR1C65.tmp
c:\windows\system32\config\systemprofile\GUR2902.tmp
c:\windows\system32\config\systemprofile\GUR8880.tmp
c:\windows\system32\config\systemprofile\GURAE48.tmp
c:\windows\system32\config\systemprofile\GURB4DD.tmp
c:\windows\system32\config\systemprofile\GURBB81.tmp
c:\windows\system32\config\systemprofile\GURC30.tmp
c:\windows\system32\config\systemprofile\sig88CE.tmp
c:\windows\system32\config\systemprofile\sig9405.tmp
c:\windows\system32\config\systemprofile\sig9445.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 20:11 . 2011-12-04 20:11 -------- d-----w- c:\users\UpdatusUser.TMoss-PC\AppData\Local\temp
2011-12-04 20:11 . 2011-12-04 20:11 -------- d-----w- c:\users\UpdatusUser.TMoss-PC.000\AppData\Local\temp
2011-12-04 20:11 . 2011-12-04 20:11 -------- d-----w- c:\users\TMoss\AppData\Local\temp
2011-12-04 20:11 . 2011-12-04 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 17:23 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-04 17:23 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-04 17:23 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-04 17:23 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-04 17:23 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-04 17:23 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-04 17:23 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-04 17:23 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-04 17:22 . 2011-12-04 17:22 -------- d-----w- c:\programdata\AVAST Software
2011-12-04 17:22 . 2011-12-04 17:22 -------- d-----w- c:\program files\AVAST Software
2011-12-04 01:59 . 2011-12-04 01:59 -------- d-----w- c:\users\TMoss\WPDNSE
2011-12-04 01:59 . 2011-12-04 01:59 -------- d-----w- c:\users\TMoss\ArcUpdater
2011-12-01 05:06 . 2011-12-01 05:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-01 05:06 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 20:29 . 2011-11-28 20:29 -------- d-----w- c:\windows\system32\config\systemprofile\TfsStore
2011-11-25 20:51 . 2011-12-03 04:31 -------- d-----w- c:\windows\system32\NtmsData
2011-11-25 17:37 . 2011-11-25 17:37 -------- d--h--w- c:\windows\PIF
2011-11-25 04:32 . 2011-12-01 03:13 -------- d-----w- c:\programdata\Avira
2011-11-23 09:28 . 2011-11-23 09:28 -------- d-----w- c:\users\TMoss\OneNote
2011-11-22 23:27 . 2011-11-22 23:27 -------- d-----w- c:\users\TMoss\New Folder
2011-11-22 16:21 . 2011-10-20 03:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-18 05:19 . 2011-11-18 05:19 -------- d-----w- c:\users\TMoss\AppData\Local\ElevatedDiagnostics
2011-11-18 05:18 . 2011-11-18 05:19 -------- d-----w- c:\users\TMoss\msdtadmin
2011-11-18 05:18 . 2011-11-18 05:19 -------- d-----w- c:\users\TMoss\MATS-Temp
2011-11-17 22:05 . 2011-11-17 22:05 -------- d-----w- c:\users\TMoss\Temp3_ivdf_fusebundle_nt_en.zip
2011-11-17 22:04 . 2011-11-17 22:04 -------- d-----w- c:\users\TMoss\Temp1_manifest.zip
2011-11-17 22:04 . 2011-11-17 22:04 -------- d-----w- c:\users\TMoss\Temp1_rdrmessage.zip
2011-11-17 22:04 . 2011-11-17 22:04 -------- d-----w- c:\users\TMoss\Temp1_PROCESSLISTRELATED.ZIP
2011-11-17 22:04 . 2011-11-17 22:04 -------- d-----w- c:\users\TMoss\Temp1_PROCESSLIST.ZIP
2011-11-17 22:03 . 2011-11-17 22:04 -------- d-----w- c:\users\TMoss\Temp2_ivdf_fusebundle_nt_en.zip
2011-11-17 22:02 . 2011-11-17 22:03 -------- d-----w- c:\users\TMoss\Temp1_ivdf_fusebundle_nt_en.zip
2011-11-17 21:33 . 2011-11-18 04:15 -------- d-----w- c:\users\TMoss\plugtmp-3
2011-11-17 19:16 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2011-11-17 05:44 . 2011-11-17 05:44 -------- d-----w- c:\users\TMoss\AppData\Roaming\ArcSoft
2011-11-16 20:23 . 2011-11-16 20:23 -------- d-----w- c:\users\TMoss\CR_1F2CC.tmp
2011-11-16 19:20 . 2011-11-16 19:20 -------- d-----w- c:\users\TMoss\OIS
2011-11-16 14:54 . 2011-11-16 14:54 -------- d-----w- c:\users\TMoss\E2D0.dir
2011-11-16 07:48 . 2011-11-16 07:48 -------- d-----w- c:\users\TMoss\msohtmlclip
2011-11-16 02:58 . 2011-11-16 03:21 -------- d-----w- c:\users\TMoss\plugtmp-2
2011-11-16 02:10 . 2011-11-16 02:10 -------- d-----w- c:\users\TMoss\VBE
2011-11-15 21:39 . 2011-11-15 22:13 -------- d-----w- c:\users\TMoss\plugtmp-1
2011-11-15 20:59 . 2011-11-15 21:36 -------- d-----w- c:\users\TMoss\plugtmp
2011-11-13 01:11 . 2011-11-17 20:59 -------- d-----w- c:\users\TMoss\mozilla-media-cache
2011-11-13 01:10 . 2011-11-17 15:40 -------- d-----w- c:\users\TMoss\Low
2011-11-13 00:29 . 2011-11-13 00:30 -------- d-----w- c:\windows\system32\config\systemprofile\Google Toolbar
2011-11-12 22:00 . 2011-12-02 15:05 -------- d-----w- c:\users\Administrator.TMoss-PC
2011-11-10 16:42 . 2011-11-30 00:38 -------- d-----w- c:\users\Guest
2011-11-10 16:18 . 2011-11-10 16:18 -------- d-----w- c:\windows\system32\config\systemprofile\HP
2011-11-09 05:26 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 05:26 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:26 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 05:26 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-07 13:02 . 2011-11-07 13:02 -------- d-----w- c:\users\TMoss\AppData\Roaming\PeerNetworking
2011-11-05 17:34 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 15:45 . 2011-07-29 09:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-03 09:04 . 2011-11-03 09:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-03 09:02 . 2011-11-03 09:02 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-11-03 09:02 . 2011-11-03 09:02 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-11-03 09:02 . 2011-11-03 09:02 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-11-03 09:02 . 2011-11-03 09:02 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-11-03 09:02 . 2011-11-03 09:02 40448 ----a-w- c:\windows\system32\winrs.exe
2011-11-03 09:02 . 2011-11-03 09:02 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-11-03 09:02 . 2011-11-03 09:02 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-11-03 09:02 . 2011-11-03 09:02 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-11-03 09:02 . 2011-11-03 09:02 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-11-03 09:02 . 2011-11-03 09:02 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-11-03 09:02 . 2011-11-03 09:02 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-11-03 09:02 . 2011-11-03 09:02 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-11-03 09:02 . 2011-11-03 09:02 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-11-03 09:02 . 2011-11-03 09:02 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-11-03 09:02 . 2011-11-03 09:02 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-11-03 09:02 . 2011-11-03 09:02 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-11-03 09:02 . 2011-11-03 09:02 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-11-03 09:02 . 2011-11-03 09:02 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-11-03 09:02 . 2011-11-03 09:02 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-10-04 18:44 . 2006-11-02 08:11 40960 ----a-w- c:\windows\system32\cliconfg.rll
2011-10-04 18:43 . 2006-11-02 06:37 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-10-04 18:41 . 2009-04-13 01:39 102400 ----a-w- c:\windows\system32\stacsv.exe
2011-10-04 18:41 . 2009-04-13 01:38 4947968 ----a-w- c:\windows\system32\stacgui.cpl
2011-10-04 18:41 . 2009-04-13 01:38 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-10-04 18:41 . 2008-02-21 12:12 90112 ----a-w- c:\windows\system32\snymsico.dll
2011-10-04 18:41 . 2008-02-21 11:49 5976064 ----a-w- c:\windows\system32\SETE54F.tmp
2011-10-04 18:41 . 2008-02-21 11:49 520192 ----a-w- c:\windows\system32\SETDD79.tmp
2011-10-04 18:41 . 2008-02-21 11:47 430080 ----a-w- c:\windows\system32\PRODUCTRED.scr
2011-10-04 18:41 . 2009-06-16 19:59 151552 ----a-w- c:\windows\system32\nvcod155.dll
2011-10-04 18:41 . 2009-01-30 13:12 135168 ----a-w- c:\windows\system32\nvcod138.dll
2011-10-04 18:41 . 2008-02-21 12:12 167936 ----a-w- c:\windows\system32\nvccoin.dll
2011-10-04 18:41 . 2008-02-21 11:49 36864 ----a-w- c:\windows\system32\nvcod100.dll
2011-10-04 18:41 . 2008-02-21 12:12 684032 ----a-w- c:\windows\system32\NETw4c32.dll
2011-10-04 18:41 . 2008-02-21 12:12 2772992 ----a-w- c:\windows\system32\NETw4r32.dll
2011-10-04 18:41 . 2008-02-21 04:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-04 18:41 . 2008-02-21 04:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-04 18:41 . 2008-02-21 04:32 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-10-04 18:41 . 2007-06-06 14:38 237568 ----a-w- c:\windows\system32\KPDPMUI.dll
2011-10-04 18:41 . 2007-06-06 14:38 344064 ----a-w- c:\windows\system32\KPDPM.dll
2011-10-04 18:41 . 2007-06-06 14:18 196608 ----a-w- c:\windows\system32\KPDRES.DLL
2011-10-04 18:41 . 2008-02-21 04:34 126976 ----a-w- c:\windows\system32\Imsmudlg.exe
2011-10-04 18:41 . 2004-08-09 12:04 73728 ----a-w- c:\windows\system32\ISUSPM.cpl
2011-10-04 18:40 . 2006-11-02 08:42 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2011-10-04 18:40 . 2006-11-02 10:25 200704 ----a-w- c:\windows\system32\drivers\e1e6032.sys
2011-10-04 18:40 . 2006-11-02 08:55 12288 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-10-04 18:40 . 2006-11-02 08:51 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2011-10-04 18:40 . 2006-11-02 08:30 40960 ----a-w- c:\windows\system32\drivers\amdk8.sys
2011-10-04 18:40 . 2008-02-21 12:12 811008 ----a-w- c:\windows\system32\cximage.dll
2011-10-04 18:40 . 2008-02-21 12:12 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
2011-10-04 18:38 . 2006-11-02 10:25 573440 ----a-w- c:\windows\system32\atiumdva.dll
2011-10-04 18:38 . 2006-11-02 10:25 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-10-04 18:38 . 2009-04-13 01:39 647168 ----a-w- c:\windows\system32\aestecap.dll
2011-10-04 18:38 . 2009-04-13 01:39 131072 ----a-w- c:\windows\system32\aestacap.dll
2011-10-04 18:19 . 2008-02-21 12:12 90112 ----a-w- c:\windows\CtDrvIns.exe
2011-09-12 23:14 . 2011-10-16 21:17 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36D3B948-6529-481A-BA8E-C690C6DA1E72}\mpengine.dll
2011-09-06 13:30 . 2011-10-16 21:05 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 06:53 . 2011-05-16 03:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-10-04 159744]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Google Desktop Search"="c:\program files\google\google desktop search\googledesktop.exe" [2008-02-21 1838592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2011-10-04 221184]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-08-03 309352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-17 04:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R1 MpKsl1df80b25;MpKsl1df80b25;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD577C2D-8561-4964-B5E2-CC8198010596}\MpKsl1df80b25.sys [x]
R1 MpKsld7277ef1;MpKsld7277ef1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D99EA361-4946-4B19-A3CE-DFEBA5C663E0}\MpKsld7277ef1.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 135664]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 135664]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
rsmsvcs REG_MULTI_SZ ntmssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 01:58]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 01:58]
.
2011-11-23 c:\windows\Tasks\User_Feed_Synchronization-{CEB27D76-DC5F-4C92-96A8-72AEA390B0B6}.job
- c:\windows\system32\msfeedssync.exe [2011-03-17 17:11]
.
.
------- Supplementary Scan -------
.
uStart Page = www.4Loot.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Administrator.TMoss-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wplzfdlp.default\
FF - prefs.js: browser.startup.homepage - www.4Loot.com
FF - user.js: accessibility.blockautorefresh - true
FF - user.js: app.update.auto - false
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1321938616
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1321938856
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1321938736
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1321963275
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.use_document_fonts - 0
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 2
FF - user.js: browser.privatebrowsing.autostart - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage_override.buildID - 20111104165243
FF - user.js: browser.startup.homepage_override.mstone - rv:8.0
FF - user.js: browser.urlbar.autocomplete.enabled - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: extensions.blocklist.pingCountTotal - 4
FF - user.js: extensions.blocklist.pingCountVersion - 4
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:5.0
FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1321144850386},\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\,\mtime\:1321631140430}}},{\name\:\app-profile\,\addons\:{\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}\:{\descriptor\:\c:\\\\Users\\\\Administrator.TMoss-PC\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\wplzfdlp.default\\\\extensions\\\\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}.xpi\,\mtime\:1321805383513}}}]
FF - user.js: extensions.lastAppVersion - 8.0
FF - user.js: extensions.lastPlatformVersion - 8.0
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: font.default.x-user-def - serif
FF - user.js: font.language.group - x-armn
FF - user.js: font.minimum-size.x-user-def - 12
FF - user.js: font.name.serif.x-western - Arial
FF - user.js: font.size.fixed.x-user-def - 14
FF - user.js: font.size.variable.x-user-def - 14
FF - user.js: general.skins.selectedSkin - Aeon_Clouds
FF - user.js: idle.lastDailyNotification - 1321940893
FF - user.js: intl.accept_languages - en-us
FF - user.js: intl.charset.default - armscii-8
FF - user.js: intl.charsetmenu.browser.cache - windows-1250, UTF-16, ISO-8859-1, UTF-8
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1321940893
FF - user.js: places.history.expiration.transient_current_max_pages - 64340
FF - user.js: plugin.disable_full_page_plugin_for_types -
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.language.disable_button.remove - false
FF - user.js: pref.browser.language.disable_button.up - false
FF - user.js: pref.downloads.disable_button.edit_actions - false
FF - user.js: pref.general.disable_button.default_browser - false
FF - user.js: pref.privacy.disable_button.view_passwords - false
FF - user.js: pref.privacy.disable_button.view_passwords_exceptions - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: security.OCSP.disable_button.managecrl - false
FF - user.js: security.disable_button.openCertManager - false
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1321450834
FF - user.js: toolkit.telemetry.prompted - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324395828
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.103 -
FF - user.js: xpinstall.whitelist.add.36 -
FF - user.js: browser.startup.homepage - www.4Loot.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DellSupportCenter - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-IMFservice
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-04 15:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ba,6e,ee,09,f0,99,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,ac,4d,b2,b0,9e,6a,4e,9e,07,37,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,ac,4d,b2,b0,9e,6a,4e,9e,07,37,\
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,de,0c,
39,57,19,bf,59,81,17,5f,cc,20,e0,8d,54
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,57,14,
28,9b,14,8c,0b,9e,e6,df,d4,3f,c5,d5,02
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,11,
e5,68,9c,45,06,a5,34,c9,b5,2e,93,15,18
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,fe,
a7,57,92,bb,59,a6,e2,5f,fc,ce,4f,f5,14
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,cb,
02,9f,b8,e8,0a,bf,99,a5,0b,8b,6b,fd,d8
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f1,4c,
b0,ef,51,fa,05,99,3c,90,4c,50,31,33,ec
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,05,77,
d0,85,61,75,08,bf,17,ff,20,3a,fd,b7,6c
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dc,
c1,77,f4,30,0b,a6,7b,c3,79,c6,80,c8,b2
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,60,16,
ce,78,45,0d,08,bb,a2,1d,1f,df,57,34,5b
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:fe,46,4e,3e,9b,a1,cc,01
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,b1,f2,e9,91,39,02,4b,bc,fb,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,b1,f2,e9,91,39,02,4b,bc,fb,09,\
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.1033_1033_MTOC_WINWORD_COL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.contact\UserChoice]
@Denied: (2) (Administrator)
"Progid"="contact_wab_auto_file"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.HxH\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Winword.exe"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Winword.exe"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(1808)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2011-12-04 15:16:57
ComboFix-quarantined-files.txt 2011-12-04 20:16
.
Pre-Run: 90,386,669,568 bytes free
Post-Run: 90,321,354,752 bytes free
.
- - End Of File - - 14EBD6F94C91D7672A2E3C7869850152

 

[Broni]

What is Ade?

I can't click on anything without it saying the registry file is marked for deletion...

You didn't read my instructions carefully enough.
Read "Note 3".

 

[Broni]

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[tmoss]

Still having errors after OTL Such as clicking on some things such as manage user account and numerous other links will give the error cannot find %windir%\\system32\\rundll.exe....Other links will say can't find enviroment variable....Media player won't open and Can't install new one....Acess denied to some folders and files....Connect to network says connection status unknown, dependency service or group failed to start, but yet it lets me online......I can uninstall programs and the get re-installed...

OTL logfile created on: 12/4/2011 10:28:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator.TMoss-PC\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.70% Memory free
4.91 Gb Paging File | 3.86 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): c:\pagefile.sys 3050 3750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 84.25 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.15 Gb Free Space | 21.45% Space Free | Partition Type: NTFS

Computer Name: TMOSS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 21:10:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.TMoss-PC\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/05 01:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/04 13:04:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2011/08/03 06:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/07 03:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 03:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/05 01:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/03 02:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/07/09 10:30:57 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (seclogon)
SRV - File not found [On_Demand | Stopped] -- -- (QWAVE)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/22 17:49:24 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011/06/22 17:30:38 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/02/20 23:49:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/15 17:25:34 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe -- (STacSV)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/02 23:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/04 13:40:45 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/10/07 04:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel(R)
DRV - [2010/05/04 10:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/04 10:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/17 02:37:06 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/02/15 17:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/07 03:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 01:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 01:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 01:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/13 04:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-263534564-1765753400-3299622415-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.joinred.com/ [binary data]
IE - HKU\S-1-5-21-263534564-1765753400-3299622415-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.4Loot.com
IE - HKU\S-1-5-21-263534564-1765753400-3299622415-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.4Loot.com"

FF - user.js..browser.startup.homepage: "www.4Loot.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/04 12:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 16:17:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/28 15:28:45 | 000,000,000 | ---D | M]

[2011/11/12 19:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\mozilla\Extensions
[2011/11/30 17:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\mozilla\Firefox\Profiles\wplzfdlp.default\extensions
[2011/11/18 10:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/18 10:45:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\ADMINISTRATOR.TMOSS-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPLZFDLP.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/18 10:45:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/04 15:11:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\##aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-263534564-1765753400-3299622415-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-263534564-1765753400-3299622415-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-263534564-1765753400-3299622415-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-263534564-1765753400-3299622415-500\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34620C71-3B3E-47CC-B5C0-C467306FDF63}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\google\google desktop search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: seclogon - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 21:10:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator.TMoss-PC\Desktop\OTL.exe
[2011/12/04 15:36:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/04 15:14:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/04 14:56:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/04 14:54:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/04 14:54:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/04 14:54:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/04 14:45:00 | 004,327,310 | R--- | C] (Swearware) -- C:\Users\Administrator.TMoss-PC\Desktop\ComboFix.exe
[2011/12/04 14:30:44 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Administrator.TMoss-PC\Desktop\aswMBR.exe
[2011/12/04 12:56:12 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/12/04 12:55:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\_avast_
[2011/12/04 12:23:18 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/04 12:23:18 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/04 12:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/04 12:23:17 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/04 12:23:17 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/04 12:23:17 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/04 12:23:17 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/04 12:23:08 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/04 12:23:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/04 12:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/04 12:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/02 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\KodakCredentialStore
[2011/12/02 23:18:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\KodakGallery
[2011/12/02 23:18:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Skinux
[2011/12/02 14:58:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\Documents\My Print Creations
[2011/12/02 10:05:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\New Folder
[2011/12/01 00:18:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Apple
[2011/12/01 00:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/01 00:06:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/01 00:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 23:59:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Malwarebytes
[2011/11/30 22:01:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\HP
[2011/11/29 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Creative
[2011/11/29 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\Documents\Dell Webcam Center
[2011/11/28 18:28:18 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/11/25 15:51:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\NtmsData
[2011/11/25 12:37:19 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/11/24 23:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/11/21 04:05:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft Games
[2011/11/21 03:31:26 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Documents\Scanned Documents
[2011/11/21 03:31:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\Documents\Fax
[2011/11/20 07:42:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\PeerNetworking
[2011/11/20 07:16:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Adobe
[2011/11/18 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\MediaDirect
[2011/11/18 10:47:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\CyberLink
[2011/11/18 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft Corporation
[2011/11/18 06:04:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\Documents\OneNote Notebooks
[2011/11/18 05:36:36 | 000,000,000 | --SD | C] -- C:\Users\Administrator.TMoss-PC\Documents\My Data Sources
[2011/11/18 04:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Apple Computer
[2011/11/18 02:37:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\Documents\Security
[2011/11/16 09:48:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/16 09:09:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/16 08:55:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/16 04:24:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Macromedia
[2011/11/12 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Adobe
[2011/11/12 19:29:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Google
[2011/11/12 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Mozilla
[2011/11/12 19:28:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Mozilla
[2011/11/12 19:04:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\Documents\My Google Gadgets
[2011/11/12 19:03:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Google
[2011/11/12 19:03:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\SupportSoft
[2011/11/12 17:03:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\ArcSoft
[2011/11/12 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\IObit
[2011/11/12 17:02:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\ArcSoft
[2011/11/12 17:02:17 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/11/12 17:02:17 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Searches
[2011/11/12 17:02:17 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/12 17:00:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Identities
[2011/11/12 17:00:56 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Contacts
[2011/11/12 17:00:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Intel
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Temporary Internet Files
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Templates
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Start Menu
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\SendTo
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Recent
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\PrintHood
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\NetHood
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Documents\My Videos
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Documents\My Pictures
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Documents\My Music
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\My Documents
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Local Settings
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\History
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Cookies
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\Application Data
[2011/11/12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Application Data
[2011/11/12 17:00:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/12 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Temp
[2011/11/12 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft Help
[2011/11/12 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft
[2011/11/12 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Media Center Programs
[2011/11/12 17:00:37 | 000,000,000 | --SD | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Videos
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Saved Games
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Pictures
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Music
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Links
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Favorites
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Downloads
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Documents
[2011/11/12 17:00:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator.TMoss-PC\Desktop
[2011/11/12 17:00:37 | 000,000,000 | -H-D | C] -- C:\Users\Administrator.TMoss-PC\AppData
[2011/11/12 17:00:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator.TMoss-PC\Roaming
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/04 21:18:22 | 001,469,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/04 21:18:22 | 000,405,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/04 21:13:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 21:13:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 21:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/04 21:13:42 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/04 21:10:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.TMoss-PC\Desktop\OTL.exe
[2011/12/04 15:46:49 | 001,008,114 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Desktop\rkill.scr
[2011/12/04 15:43:42 | 001,008,114 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Desktop\rkill.com
[2011/12/04 15:11:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/04 14:45:03 | 004,327,310 | R--- | M] (Swearware) -- C:\Users\Administrator.TMoss-PC\Desktop\ComboFix.exe
[2011/12/04 14:39:31 | 000,000,512 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Desktop\MBR.dat
[2011/12/04 14:30:46 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Administrator.TMoss-PC\Desktop\aswMBR.exe
[2011/12/04 13:00:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/04 12:48:40 | 000,000,680 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\AppData\Local\d3d9caps.dat
[2011/12/04 12:23:18 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/02 21:09:05 | 000,024,206 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\UserTile.png
[2011/12/02 20:56:07 | 000,000,000 | -H-- | M] () -- C:\Users\Administrator.TMoss-PC\Documents\Default.rdp
[2011/12/02 12:12:24 | 000,027,648 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 11:07:25 | 000,001,113 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/12/01 23:40:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/01 23:40:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/01 00:06:17 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 19:39:39 | 000,100,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/27 13:42:01 | 000,004,267 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/11/24 23:15:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/23 12:24:41 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CEB27D76-DC5F-4C92-96A8-72AEA390B0B6}.job
[2011/11/23 12:15:48 | 000,081,920 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Desktop\AutoRecovery save of MS.WINWORD.12.1033_1033_MTOC_WINWORD_COL
[2011/11/22 22:45:06 | 000,000,000 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Desktop\Take meeting notes in OneNote.wma
[2011/11/18 23:22:51 | 000,010,113 | ---- | M] () -- C:\[Book1]MICROSOFT_Please_Read_Now
[2011/11/18 23:16:46 | 000,010,113 | ---- | M] () -- C:\Windows\System32\[Book1]MICROSOFT_Please_Read_Now
[2011/11/16 07:30:21 | 000,001,315 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Desktop\!Safe_WinVista_Ultimate_SP2_32_Start_v200.zip
[2011/11/15 20:48:47 | 000,070,656 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/11/15 15:55:47 | 000,030,720 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2011/11/12 19:40:56 | 000,000,872 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/12 19:40:56 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/12 19:29:02 | 000,000,945 | ---- | M] () -- C:\Users\Administrator.TMoss-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/12 19:28:54 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/11/10 03:56:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 01:56:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 21:13:42 | 2145,452,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/04 15:46:49 | 001,008,114 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Desktop\rkill.scr
[2011/12/04 15:43:41 | 001,008,114 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Desktop\rkill.com
[2011/12/04 14:54:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/04 14:54:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/04 14:54:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/04 14:54:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/04 14:54:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/04 14:39:31 | 000,000,512 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Desktop\MBR.dat
[2011/12/04 12:23:18 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/02 20:56:07 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator.TMoss-PC\Documents\Default.rdp
[2011/12/02 11:07:25 | 000,001,113 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/12/01 23:40:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/01 23:40:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/01 00:06:17 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 12:24:41 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{CEB27D76-DC5F-4C92-96A8-72AEA390B0B6}.job
[2011/11/23 12:15:47 | 000,081,920 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Desktop\AutoRecovery save of MS.WINWORD.12.1033_1033_MTOC_WINWORD_COL
[2011/11/22 22:45:06 | 000,000,000 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Desktop\Take meeting notes in OneNote.wma
[2011/11/22 11:21:18 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/11/20 07:42:52 | 000,024,206 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\UserTile.png
[2011/11/18 23:22:51 | 000,010,113 | ---- | C] () -- C:\[Book1]MICROSOFT_Please_Read_Now
[2011/11/18 23:14:23 | 000,010,113 | ---- | C] () -- C:\Windows\System32\[Book1]MICROSOFT_Please_Read_Now
[2011/11/16 07:30:21 | 000,001,315 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Desktop\!Safe_WinVista_Ultimate_SP2_32_Start_v200.zip
[2011/11/16 07:28:38 | 000,000,680 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\AppData\Local\d3d9caps.dat
[2011/11/14 12:22:08 | 000,027,648 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 19:40:56 | 000,000,872 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/12 19:29:02 | 000,000,945 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/12 19:28:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/11/12 17:02:19 | 000,000,951 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/11/12 17:02:16 | 000,000,946 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/12 17:00:55 | 000,000,917 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/11/12 17:00:39 | 000,000,258 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/12 17:00:39 | 000,000,240 | ---- | C] () -- C:\Users\Administrator.TMoss-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/05 12:32:22 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/03 00:28:50 | 000,000,648 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2009/10/20 19:58:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 19:58:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 19:57:03 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/04/27 02:01:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/22 23:26:32 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2009/04/08 20:27:39 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/02/21 07:12:33 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/02/21 07:12:32 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/20 23:46:59 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2006/11/09 15:01:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,100,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 001,469,958 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,405,144 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/29 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\IObit
[2011/11/20 07:42:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\PeerNetworking
[2011/12/02 23:18:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Skinux
[2011/11/10 11:43:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IObit
[2011/11/16 23:36:16 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\Auslogics
[2011/11/17 11:03:15 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\DataSafeOnline
[2011/11/30 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\IObit
[2009/04/08 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\iolo
[2011/11/07 08:02:43 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\PeerNetworking
[2011/03/11 11:22:09 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\Skinux
[2011/11/03 03:28:15 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\SystemRequirementsLab
[2011/08/08 17:01:48 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\TomTom
[2011/11/03 00:06:57 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\URSoft
[2011/11/15 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\TMoss\AppData\Roaming\uTorrent
[2011/11/10 04:20:27 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/23 12:24:41 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CEB27D76-DC5F-4C92-96A8-72AEA390B0B6}.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/08 19:36:48 | 000,035,637 | ---- | M] () -- C:\caavsetupLog.txt
[2011/03/08 11:13:11 | 000,089,410 | ---- | M] () -- C:\caisslog.txt
[2011/12/04 15:16:58 | 000,039,972 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/21 07:12:45 | 000,004,878 | RH-- | M] () -- C:\dell.sdr
[2011/11/18 03:48:49 | 000,000,057 | -HS- | M] () -- C:\desktop.ini
[2011/11/25 16:29:20 | 000,072,724 | ---- | M] () -- C:\Hardware.txt
[2011/12/04 21:13:42 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 23:40:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/01 23:40:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/04 21:13:41 | 3198,156,800 | -HS- | M] () -- C:\pagefile.sys
[2011/12/04 15:51:55 | 000,000,366 | ---- | M] () -- C:\rkill.log
[2011/11/27 13:42:01 | 000,004,267 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/11/18 23:22:51 | 000,010,113 | ---- | M] () -- C:\[Book1]MICROSOFT_Please_Read_Now

 

[tmoss]

OTL Continued

< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/03/03 23:45:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/04/25 13:14:04 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/10/04 13:40:32 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2011/10/04 13:40:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2011/10/04 13:40:32 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2011/10/04 13:40:33 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2011/10/04 13:40:33 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2011/11/18 06:28:01 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\FXSAPIDebugLogFile.txt
[2011/11/18 06:28:01 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\FXSTIFFDebugLogFile.txt
[2011/11/14 12:25:35 | 000,004,313 | ---- | M] () -- C:\Windows\system32\config\systemprofile\GoogleToolbarInstaller1.log
[2011/11/12 19:29:26 | 000,000,460 | ---- | M] () -- C:\Windows\system32\config\systemprofile\GoogleToolbarInstaller2.log
[2011/11/24 23:13:05 | 000,161,348 | ---- | M] () -- C:\Windows\system32\config\systemprofile\MpCmdRun.log
[2011/11/15 20:48:44 | 000,000,462 | ---- | M] () -- C:\Windows\system32\config\systemprofile\WERADCF.tmp.version.txt
[2011/11/15 20:48:44 | 000,018,558 | ---- | M] () -- C:\Windows\system32\config\systemprofile\WERADD0.tmp.appcompat.txt
[2011/11/15 20:48:44 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\WERAFB4.tmp.hdmp
[3 C:\Windows\system32\config\systemprofile\*.tmp files -> C:\Windows\system32\config\systemprofile\*.tmp -> ]

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/12 19:29:02 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/12/04 14:30:46 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Administrator.TMoss-PC\Desktop\aswMBR.exe
[2011/12/04 14:45:03 | 004,327,310 | R--- | M] (Swearware) -- C:\Users\Administrator.TMoss-PC\Desktop\ComboFix.exe
[2011/12/04 21:10:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.TMoss-PC\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2006/11/02 07:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/11/12 17:02:17 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator.TMoss-PC\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/11/03 00:28:50 | 000,000,648 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >
___________________________________________________________________________


OTL Extras logfile created on: 12/4/2011 10:28:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator.TMoss-PC\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.70% Memory free
4.91 Gb Paging File | 3.86 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): c:\pagefile.sys 3050 3750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 84.25 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.15 Gb Free Space | 21.45% Space Free | Partition Type: NTFS

Computer Name: TMOSS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-263534564-1765753400-3299622415-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08561B8D-FB9F-44E6-88C4-C2941660DDF6}" = lport=445 | protocol=6 | dir=in | app=system |
"{09EFCF07-598C-46AB-91FA-A3E121B3DC0F}" = lport=138 | protocol=17 | dir=in | app=system |
"{0ED4FDD9-20F3-45CB-8EF4-20608D6C6C2C}" = rport=445 | protocol=6 | dir=out | app=system |
"{3C1E2EF6-B8C8-4402-B53A-7A0FF55E68BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{600EF06B-75A9-493F-BCF5-D9C5A60022E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A957DDE-C6FC-4494-9F39-41E6757E16DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{8BE39C49-9786-4CE6-BCE7-614907CFE94A}" = rport=139 | protocol=6 | dir=out | app=system |
"{A75B0B95-5D99-4E7D-8F1E-FE3CD128BABD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF474C9E-5762-4290-8B71-4D5898A81506}" = rport=138 | protocol=17 | dir=out | app=system |
"{FC0D1BE2-C533-4DD4-9431-82DB98513D0A}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{178E7EF4-CAB5-497E-AFEA-2D0CE28E4713}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"{2D26D067-29EA-494A-A3F7-09B5F395E7FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3C1E7513-B1F5-4F8C-8F53-56A0E64F8B27}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8845AD43-1C64-43CE-8C73-A6ED7B955737}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4B36607-D961-499A-A79D-2D556FE42BB2}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\avastui.exe |
"{EF7C65D8-85A5-404C-8797-10FEFD95D0AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}" = Intel(R) PROSet/Wireless WiFi Software
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51ED885E-78EC-4DBF-81E1-F7EF47174B5A}" = HP Deskjet 1000 J110 series Basic Device Software
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = KODAK Share Button App
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = VSS | ID = 19
Description = Volume Shadow Copy Service error: The EventSystem service is disabled
or is attempting to start during Safe Mode. The Volume Shadow Copy service cannot
start while in safe mode. If not in safe mode, make sure that EventSystem service
is enabled. CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]


Operation:

Subscribing Writer Context: Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}

Writer Name: ASR Writer Writer Instance ID: {863d3e35-6a5b-40d7-ab40-f2293ff44f26}

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206. Operation: Subscribing Writer Context: Writer
Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer
Instance ID: {863d3e35-6a5b-40d7-ab40-f2293ff44f26}

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = VSS | ID = 19
Description = Volume Shadow Copy Service error: The EventSystem service is disabled
or is attempting to start during Safe Mode. The Volume Shadow Copy service cannot
start while in safe mode. If not in safe mode, make sure that EventSystem service
is enabled. CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]


Operation:

Subscribing Writer Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {514bc427-cb5e-4128-818e-65e4f3819550}

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206. Operation: Subscribing Writer Context: Writer
Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization
Writer Writer Instance ID: {514bc427-cb5e-4128-818e-65e4f3819550}

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = EventSystem | ID = 4609
Description =

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = VSS | ID = 34
Description = Volume Shadow Copy Service error: The VSS event class is not registered.
This will prevent any VSS writers from receiving events. This may be caused due
to a setup failure or as a result of an application's installer or uninstaller.


Operation:

Gathering Writer Data Executing Asynchronous Operation Context: Execution
Context: Requestor Current State: GatherWriterMetadata

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040154. Operation: Gathering Writer Data Executing
Asynchronous Operation Context: Execution Context: Requestor Current State:
GatherWriterMetadata

Error - 12/4/2011 11:32:00 PM | Computer Name = TMoss-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe;
Descripton = OTL Restore Point - 12/4/2011 10:32:00 PM; Hr = 0x8000ffff).

[ Media Center Events ]
Error - 11/21/2011 5:18:14 AM | Computer Name = TMoss-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040154

Error - 12/3/2011 12:26:24 AM | Computer Name = TMoss-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040154

Error - 12/3/2011 12:26:25 AM | Computer Name = TMoss-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80131534

[ System Events ]
Error - 12/4/2011 11:37:25 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/4/2011 11:37:25 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/4/2011 11:37:55 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/4/2011 11:37:55 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/4/2011 11:38:25 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/4/2011 11:38:25 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/4/2011 11:38:55 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/4/2011 11:38:55 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/4/2011 11:39:25 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/4/2011 11:39:25 PM | Computer Name = TMoss-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

 

[Broni]

Please download Farbar Service Scanner and run it on the computer with the issue.

• Check "Include All Files" option.
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

==============================================================

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log

Click Go and post the result.

===========================================================

Lets run the following tool. This will help determine which files need permissions restored.

Please download and save Junction.zip

Unzip it and place Junction.exe in the Windows directory (C:\Windows).
Go to Start>Run (Vista and Windows 7 users use "Start search" box).
Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system.
Wait until a log file opens.
Copy and paste the log in your next reply.

 

[tmoss]

Farbar Service Scanner
Ran by Administrator (administrator) on 04-12-2011 at 23:59:53
Windows Vista (TM) Ultimate Service Pack 2 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 00:26] - [2011-09-20 16:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

________________________________________________________________________________

MiniToolBox by Farbar
Ran by Administrator (administrator) on 05-12-2011 at 00:04:05
Windows Vista (TM) Ultimate Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=575 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="NETGEAR" forwarding=disabled advertise=disabled mtu=861 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : TMoss-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
System Quarantine State . . . . . : Not Restricted


Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-15-C5-86-7E-59
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter NETGEAR:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1D-E0-73-9E-A3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::85b7:55db:6f57:1b8f%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, December 04, 2011 9:14:02 PM
Lease Expires . . . . . . . . . . : Monday, December 05, 2011 9:14:01 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167779808
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-4E-B3-F6-00-15-C5-86-7E-59
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{205DD987-4F01-45E4-B2B2-CC7BC0A6FAF4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{34620C71-3B3E-47CC-B5C0-C467306FDF63}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.159.104
74.125.159.106
74.125.159.99
74.125.159.103
74.125.159.147
74.125.159.105



Pinging google.com [74.125.159.105] with 32 bytes of data:

Reply from 74.125.159.105: bytes=32 time=28ms TTL=52

Reply from 74.125.159.105: bytes=32 time=29ms TTL=52



Ping statistics for 74.125.159.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 29ms, Average = 28ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.180.149
209.191.122.70
72.30.2.43
98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=111ms TTL=47

Reply from 98.137.149.56: bytes=32 time=144ms TTL=47



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 111ms, Maximum = 144ms, Average = 127ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 15 c5 86 7e 59 ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
10 ...00 1d e0 73 9e a3 ...... Intel(R) Wireless WiFi Link 4965AGN
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.{205DD987-4F01-45E4-B2B2-CC7BC0A6FAF4}
14 ...00 00 00 00 00 00 00 e0 isatap.{34620C71-3B3E-47CC-B5C0-C467306FDF63}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 281
192.168.0.2 255.255.255.255 On-link 192.168.0.2 281
192.168.0.255 255.255.255.255 On-link 192.168.0.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::85b7:55db:6f57:1b8f/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/04/2011 10:32:00 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\wbem\wmiprvse.exe; Descripton = OTL Restore Point - 12/4/2011 10:32:00 PM; Hr = 0x8000ffff).

Error: (12/04/2011 10:32:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154.


Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata

Error: (12/04/2011 10:32:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The VSS event class is not registered. This will prevent any
VSS writers from receiving events. This may be caused due to a setup failure or as a result of an
application's installer or uninstaller.


Operation:
Gathering Writer Data
Executing Asynchronous Operation

Context:
Execution Context: Requestor
Current State: GatherWriterMetadata

Error: (12/04/2011 10:32:00 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070437

Error: (12/04/2011 10:32:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


Operation:
Subscribing Writer

Context:
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {514bc427-cb5e-4128-818e-65e4f3819550}

Error: (12/04/2011 10:32:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode.
If not in safe mode, make sure that EventSystem service is enabled.
CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]


Operation:
Subscribing Writer

Context:
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {514bc427-cb5e-4128-818e-65e4f3819550}

Error: (12/04/2011 10:32:00 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070437

Error: (12/04/2011 10:32:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.


Operation:
Subscribing Writer

Context:
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {863d3e35-6a5b-40d7-ab40-f2293ff44f26}

Error: (12/04/2011 10:32:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The EventSystem service is disabled or is attempting to start during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode.
If not in safe mode, make sure that EventSystem service is enabled.
CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]


Operation:
Subscribing Writer

Context:
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {863d3e35-6a5b-40d7-ab40-f2293ff44f26}

Error: (12/04/2011 10:32:00 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp4580070437


System errors:
=============
Error: (12/05/2011 00:04:12 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:11 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:11 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:10 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:10 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:09 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:09 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:08 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:08 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079

Error: (12/05/2011 00:04:07 AM) (Source: Service Control Manager) (User: )
Description: Network Connections%%1079


Microsoft Office Sessions:
=========================

**** End of log ****
__________________________________________________________________________________-

 

[tmoss]

Junction

What do you think is going on here...


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

...

...

...

...

...

...

...

...

.\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

.
Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07f3d2b5f37a91d9f84076cee386f8bd_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d9b0622dfb157085bce3c0127fb4860_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\77d2c16eaff4a61ce742900f488898ce_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.


.


Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.



Failed to open \\?\c:\\System Volume Information\{039d2d60-111f-11e1-8342-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{33dd6e32-19fc-11e1-aed9-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{4d22f30b-1783-11e1-b03d-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{4d22f310-1783-11e1-b03d-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b8e5-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9c1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9c9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9d1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9d9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9e1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9e9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9f1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945b9fd-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba05-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba0d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba15-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba1d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba25-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba2d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba35-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba3d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba45-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba4d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba55-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba5d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba65-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945ba7f-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945bb89-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945bba2-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945bbd7-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{6945bbde-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{cec21ff6-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{cec21ffe-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{cec22018-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{eb28177d-17a1-11e1-856e-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\{eb28178b-17a1-11e1-856e-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



Failed to open \\?\c:\\System Volume Information\SystemRestore\System Volume Information: Access is denied.


\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\Administrator.TMoss-PC\Application Data: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming

\\?\c:\\Users\Administrator.TMoss-PC\Cookies: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Administrator.TMoss-PC\Local Settings: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Local
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Local

\\?\c:\\Users\Administrator.TMoss-PC\My Documents: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\Documents
Substitute Name: C:\Users\Administrator.TMoss-PC\Documents

\\?\c:\\Users\Administrator.TMoss-PC\NetHood: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Administrator.TMoss-PC\PrintHood: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Administrator.TMoss-PC\Recent: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Administrator.TMoss-PC\SendTo: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Administrator.TMoss-PC\Start Menu: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Administrator.TMoss-PC\Templates: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Administrator.TMoss-PC\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Local
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Local

\\?\c:\\Users\Administrator.TMoss-PC\AppData\Local\History: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Administrator.TMoss-PC\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files

...\\?\c:\\Users\Administrator.TMoss-PC\Documents\My Music: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\Music
Substitute Name: C:\Users\Administrator.TMoss-PC\Music

\\?\c:\\Users\Administrator.TMoss-PC\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\Pictures
Substitute Name: C:\Users\Administrator.TMoss-PC\Pictures

\\?\c:\\Users\Administrator.TMoss-PC\Documents\My Videos: JUNCTION
Print Name : C:\Users\Administrator.TMoss-PC\Videos
Substitute Name: C:\Users\Administrator.TMoss-PC\Videos

\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates




Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\07f3d2b5f37a91d9f84076cee386f8bd_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3d9b0622dfb157085bce3c0127fb4860_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\77d2c16eaff4a61ce742900f488898ce_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_7bdb6517-028f-4c07-8a83-19fb585d6dc1: Access is denied.


..\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Guest\Application Data: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming
Substitute Name: C:\Users\Guest\AppData\Roaming

\\?\c:\\Users\Guest\Cookies: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Guest\Local Settings: JUNCTION
Print Name : C:\Users\Guest\AppData\Local
Substitute Name: C:\Users\Guest\AppData\Local

\\?\c:\\Users\Guest\My Documents: JUNCTION
Print Name : C:\Users\Guest\Documents
Substitute Name: C:\Users\Guest\Documents

\\?\c:\\Users\Guest\NetHood: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Guest\PrintHood: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Guest\Recent: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Guest\SendTo: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Guest\Start Menu: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Guest\Templates: JUNCTION
Print Name : C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Guest\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Guest\AppData\Local
Substitute Name: C:\Users\Guest\AppData\Local

\\?\c:\\Users\Guest\AppData\Local\History: JUNCTION
Print Name : C:\Users\Guest\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Guest\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Guest\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files

.

...\\?\c:\\Users\Guest\Documents\My Music: JUNCTION
Print Name : C:\Users\Guest\Music
Substitute Name: C:\Users\Guest\Music

\\?\c:\\Users\Guest\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Guest\Pictures
Substitute Name: C:\Users\Guest\Pictures

\\?\c:\\Users\Guest\Documents\My Videos: JUNCTION
Print Name : C:\Users\Guest\Videos
Substitute Name: C:\Users\Guest\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

\\?\c:\\Users\TMoss\Application Data: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming
Substitute Name: C:\Users\TMoss\AppData\Roaming

\\?\c:\\Users\TMoss\Cookies: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\TMoss\Local Settings: JUNCTION
Print Name : C:\Users\TMoss\AppData\Local
Substitute Name: C:\Users\TMoss\AppData\Local

\\?\c:\\Users\TMoss\My Documents: JUNCTION
Print Name : C:\Users\TMoss\Documents
Substitute Name: C:\Users\TMoss\Documents

\\?\c:\\Users\TMoss\NetHood: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\TMoss\PrintHood: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\TMoss\Recent: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\TMoss\SendTo: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\TMoss\Start Menu: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\TMoss\Templates: JUNCTION
Print Name : C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\TMoss\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\TMoss\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\TMoss\AppData\Local
Substitute Name: C:\Users\TMoss\AppData\Local

\\?\c:\\Users\TMoss\AppData\Local\History: JUNCTION
Print Name : C:\Users\TMoss\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\TMoss\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\TMoss\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\TMoss\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\TMoss\AppData\Local\Microsoft\Windows\Temporary Internet Files




Failed to open \\?\c:\\Users\TMoss\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.



Failed to open \\?\c:\\Users\TMoss\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.


...

...

.\\?\c:\\Users\TMoss\Documents\My Music: JUNCTION
Print Name : C:\Users\TMoss\Music
Substitute Name: C:\Users\TMoss\Music

\\?\c:\\Users\TMoss\Documents\My Pictures: JUNCTION
Print Name : C:\Users\TMoss\Pictures
Substitute Name: C:\Users\TMoss\Pictures

\\?\c:\\Users\TMoss\Documents\My Videos: JUNCTION
Print Name : C:\Users\TMoss\Videos
Substitute Name: C:\Users\TMoss\Videos

..\\?\c:\\Users\UpdatusUser.TMoss-PC\Application Data: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming

\\?\c:\\Users\UpdatusUser.TMoss-PC\Cookies: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\UpdatusUser.TMoss-PC\Local Settings: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Local
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Local

\\?\c:\\Users\UpdatusUser.TMoss-PC\My Documents: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\Documents
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\Documents

\\?\c:\\Users\UpdatusUser.TMoss-PC\NetHood: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\UpdatusUser.TMoss-PC\PrintHood: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\UpdatusUser.TMoss-PC\Recent: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\UpdatusUser.TMoss-PC\SendTo: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\UpdatusUser.TMoss-PC\Start Menu: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\UpdatusUser.TMoss-PC\Templates: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\UpdatusUser.TMoss-PC\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Local
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Local

\\?\c:\\Users\UpdatusUser.TMoss-PC\AppData\Local\History: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\UpdatusUser.TMoss-PC\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\UpdatusUser.TMoss-PC\Documents\My Music: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\Music
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\Music

\\?\c:\\Users\UpdatusUser.TMoss-PC\Documents\My Pictures: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\Pictures
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\Pictures

\\?\c:\\Users\UpdatusUser.TMoss-PC\Documents\My Videos: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC\Videos
Substitute Name: C:\Users\UpdatusUser.TMoss-PC\Videos

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Application Data: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Cookies: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Local Settings: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\My Documents: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\Documents
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\Documents

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\NetHood: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\PrintHood: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Recent: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\SendTo: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Start Menu: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Templates: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\AppData\Local\History: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Documents\My Music: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\Music
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\Music

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Documents\My Pictures: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\Pictures
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\Pictures

\\?\c:\\Users\UpdatusUser.TMoss-PC.000\Documents\My Videos: JUNCTION
Print Name : C:\Users\UpdatusUser.TMoss-PC.000\Videos
Substitute Name: C:\Users\UpdatusUser.TMoss-PC.000\Videos



...
Failed to open \\?\c:\\Windows\CSC\v2.0.6\pq: Access is denied.



Failed to open \\?\c:\\Windows\CSC\v2.0.6\temp\ea-{a7af2b49-31c3-11de-9742-001de0739ea3}: Access is denied.




...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..\\?\c:\\Windows\System32\config\systemprofile\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

\\?\c:\\Windows\System32\config\systemprofile\Local Settings: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\My Documents: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Documents
Substitute Name: C:\Windows\system32\config\systemprofile\Documents

\\?\c:\\Windows\System32\config\systemprofile\NetHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\PrintHood: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Windows\System32\config\systemprofile\Recent: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Windows\System32\config\systemprofile\SendTo: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Windows\System32\config\systemprofile\Start Menu: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Windows\System32\config\systemprofile\Templates: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Application Data: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\History: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

\\?\c:\\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

.\\?\c:\\Windows\System32\config\systemprofile\Documents\My Music: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Music
Substitute Name: C:\Windows\system32\config\systemprofile\Music

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Pictures: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Pictures
Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

\\?\c:\\Windows\System32\config\systemprofile\Documents\My Videos: JUNCTION
Print Name : C:\Windows\system32\config\systemprofile\Videos
Substitute Name: C:\Windows\system32\config\systemprofile\Videos



...

...

...

...

...

...

...
Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.

 

[tmoss]

I know this is hard to read and not sure if you will find it useful but this is what shows up in process viewer every time I do anything...All of these are writing to disk...Seems everything gets rewritten but I could be wrong...





Image PID File Read (B/min) Write (B/min) IO Priority Response Time (ms)
System 4 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTNT Kernel Logger.etl 0 197120 - 2
svchost.exe (LocalServiceNetworkRestricted) 1108 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat 0 512 - 1
System 4 C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf 0 20480 - 1
System 4 C:\Windows\Prefetch\MMC.EXE-BC0E8C7C.pf 0 86016 - 1
System 4 C:\Windows\Prefetch\DLLHOST.EXE-4B6CB38A.pf 0 20480 - 1
System 4 C:\Users\Administrator.TMoss-PC 0 8192 - 1
System 4 - 0 4608 - 1
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows 0 4096 - 1
System 4 C:\Windows\System32\config 0 4096 - 1
System 4 C:\$Mft (NTFS Master File Table) 0 4096 - 1
System 4 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex 0 4096 - 1
SearchIndexer.exe 2916 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy7.gthr 0 4096 - 1
System 4 C:\$BitMap (NTFS Free Space Map) 0 28672 - 1
System 4 C:\Windows\System32\winevt\Logs\System.evtx 0 16384 - 1
System 4 C:\$Mft (NTFS Master File Table) 0 81920 - 1
System 4 C:\$LogFile (NTFS Volume Log) 0 159744 - 0
System 4 C:\Windows\Prefetch 0 24576 - 0
System 4 C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf 0 28672 - 0
System 4 C:\Users\Administrator.TMoss-PC\ntuser.dat.LOG1 0 17920 - 0
System 4 C:\Windows\System32\config\software 0 53248 - 0
System 4 C:\Users\Administrator.TMoss-PC\ntuser.dat 0 69632 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\UsrClass.dat 0 57344 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 0 18432 - 0
System 4 C:\Windows\System32\config\SOFTWARE.LOG1 0 24576 - 0
SearchIndexer.exe 2916 C:\$LogFile (NTFS Volume Log) 0 12288 - 0
System 4 C:\Windows\System32\LogFiles\WMI\RtBackup 0 4096 - 0

 

[Broni]

Please download GrantPerms.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe (32-bit system) or GrantPerms64.exe (64-bit system)
Copy and paste the following in the edit box:

c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07f3d2b5f37a91d9f84076 cee386f8bd_7bdb6517-028f-4c07-8a83-19fb585d6dc1
c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d9b0622dfb157085bce3c 0127fb4860_7bdb6517-028f-4c07-8a83-19fb585d6dc1
c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\77d2c16eaff4a61ce74290 0f488898ce_7bdb6517-028f-4c07-8a83-19fb585d6dc1
c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1 e01a5229f1_7bdb6517-028f-4c07-8a83-19fb585d6dc1
c:\\Qoobox\BackEnv
c:\\System Volume Information\{6945b9c9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b9c1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b8e5-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{4d22f310-1783-11e1-b03d-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{4d22f30b-1783-11e1-b03d-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{33dd6e32-19fc-11e1-aed9-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{039d2d60-111f-11e1-8342-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba15-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba0d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba05-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b9fd-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b9f1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b9e9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b9e1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b9d9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945b9d1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba5d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba55-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba4d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba45-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba3d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba35-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba2d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba25-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba1d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{cec22018-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{cec21ffe-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{cec21ff6-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945bbde-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945bbd7-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945bba2-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945bb89-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba7f-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{6945ba65-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\SystemRestore\System Volume Information
c:\\System Volume Information\{eb28178b-17a1-11e1-856e-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\System Volume Information\{eb28177d-17a1-11e1-856e-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}
c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_7bd b6517-028f-4c07-8a83-19fb585d6dc1
c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\77d2c16eaff4a61ce742900f488898ce_7bd b6517-028f-4c07-8a83-19fb585d6dc1
c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3d9b0622dfb157085bce3c0127fb4860_7bd b6517-028f-4c07-8a83-19fb585d6dc1
c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\07f3d2b5f37a91d9f84076cee386f8bd_7bd b6517-028f-4c07-8a83-19fb585d6dc1
c:\\Users\TMoss\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db
c:\\Users\TMoss\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow
c:\\Windows\CSC\v2.0.6\pq
c:\\Windows\CSC\v2.0.6\temp\ea-{a7af2b49-31c3-11de-9742-001de0739ea3}
c:\\Windows\System32\LogFiles\WMI\RtBackup

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

============================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - File not found [Auto | Stopped] -- -- (seclogon)
  SRV - File not found [On_Demand | Stopped] -- -- (QWAVE)
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
  @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:1CE11B51
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[tmoss]

More logs

Wow,you should have seen process viewer after running these...I saved it if you want to see.....Anyway ESET came up clean so no log there......Here are the rest....

GrantPerms by Farbar
Ran by Administrator (administrator) at 2011-12-05 20:06:55

===============================================
ERROR: Parsing the SD of <\\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07f3d2b5f37a91d9f84076 cee386f8bd_7bdb6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3d9b0622dfb157085bce3c 0127fb4860_7bdb6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\77d2c16eaff4a61ce74290 0f488898ce_7bdb6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1 e01a5229f1_7bdb6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
\\?\c:\\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
NT AUTHORITY\Authenticated Users change ALLOW (I)
NT AUTHORITY\Authenticated Users change ALLOW (CI)(OI)(IO)(I)


ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9c9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9c1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b8e5-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{4d22f310-1783-11e1-b03d-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{4d22f30b-1783-11e1-b03d-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{33dd6e32-19fc-11e1-aed9-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{039d2d60-111f-11e1-8342-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba15-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba0d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba05-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9fd-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9f1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9e9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9e1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9d9-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945b9d1-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba5d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba55-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba4d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba45-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba3d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba35-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba2d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba25-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba1d-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{cec22018-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{cec21ffe-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{cec21ff6-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945bbde-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945bbd7-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945bba2-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945bb89-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba7f-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{6945ba65-11bf-11e1-b442-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
\\?\c:\\System Volume Information\SystemRestore\System Volume Information

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{eb28178b-17a1-11e1-856e-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\System Volume Information\{eb28177d-17a1-11e1-856e-0015c5867e59}{3808876b-c176-4e48-b7ae-04046e6cc752}> failed with: Access is denied.


Operating system error message: Access is denied.
ERROR: Parsing the SD of <\\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_7bd b6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\77d2c16eaff4a61ce742900f488898ce_7bd b6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3d9b0622dfb157085bce3c0127fb4860_7bd b6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
ERROR: Parsing the SD of <\\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\07f3d2b5f37a91d9f84076cee386f8bd_7bd b6517-028f-4c07-8a83-19fb585d6dc1> failed with: The system cannot find the file specified.


Operating system error message: The system cannot find the file specified.
\\?\c:\\Users\TMoss\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Users\TMoss\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Windows\CSC\v2.0.6\pq

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\c:\\Windows\CSC\v2.0.6\temp\ea-{a7af2b49-31c3-11de-9742-001de0739ea3}

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\c:\\Windows\System32\LogFiles\WMI\RtBackup

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


__________________________________________________________________________

All processes killed
========== OTL ==========
Service seclogon stopped successfully!
Service seclogon deleted successfully!
Service QWAVE stopped successfully!
Service QWAVE deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.TMoss-PC
->Temp folder emptied: 213252 bytes
->Temporary Internet Files folder emptied: 5325514 bytes
->Java cache emptied: 182135 bytes
->FireFox cache emptied: 42484480 bytes
->Flash cache emptied: 599 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 25016788 bytes
->FireFox cache emptied: 13664649 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TMoss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7799020 bytes
->Java cache emptied: 349047 bytes
->FireFox cache emptied: 42963717 bytes
->Google Chrome cache emptied: 8867460 bytes
->Flash cache emptied: 511 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser.TMoss-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: UpdatusUser.TMoss-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6496256 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 219253 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 15613 bytes

Total Files Cleaned = 146.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.TMoss-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: TMoss
->Flash cache emptied: 0 bytes

User: UpdatusUser

User: UpdatusUser.TMoss-PC

User: UpdatusUser.TMoss-PC.000

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12052011_202642

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[tmoss]

And more logs

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 29
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````


__________________________________________________________________

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[tmoss]

It may be clean but I still have the same problems.....Do I still need to create a restore point with issues...

 

[Broni]

Yes, please do.

Then....

In this forum, we make sure, your computer is free of malware and your computer is clean
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

 

[tmoss]

Here is what is happening everytime I try to run programs or make changes....Looks like a lot of auto rewrites....

Image PID File Read (B/min) Write (B/min) IO Priority Response Time (ms)
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe 4096 0 - 105
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.ci 4096 0 - 65
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms 16384 0 - 57
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\setup.chm 32768 0 - 39
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Users\Administrator.TMoss-PC\Desktop\aswMBR.exe 8192 0 - 37
OnlineCmdLineScanner.exe 4824 C:\Netgear\Monitor.bin 512 0 - 27
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\HomeStudentrWW.xml 11776 0 - 26
OnlineCmdLineScanner.exe 4824 C:\Netgear\MDM_Util.js 24064 0 - 26
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\AVAST Software\Avast\defs\11120501\db_pe2.dat 8192 0 - 25
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\Office64WW.xml 2560 0 - 23
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvaa.inf 32768 0 - 23
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\Setup.xml 10240 0 - 22
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml 1024 0 - 19
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvd3dum.dl_ 32768 0 - 19
OnlineCmdLineScanner.exe 4824 C:\Netgear\language.txt 32768 0 - 18
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvd3d9wrap.dl_ 32768 0 - 17
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4096 0 - 16
OnlineCmdLineScanner.exe 4824 C:\Netgear\InitialNetgear(1).html 4608 0 - 16
OnlineCmdLineScanner.exe 4824 C:\Netgear\Template.htm 10752 0 - 16
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\DisplayDriver.nvi 30720 0 - 16
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvao.inf 32768 0 - 16
OnlineCmdLineScanner.exe 4824 C:\Netgear\MDM_Progress.js 4608 0 - 15
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Windows\Installer 4096 0 - 15
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll 32768 0 - 15
OnlineCmdLineScanner.exe 4824 C:\$Mft (NTFS Master File Table) 4096 0 - 15
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\$Mft (NTFS Master File Table) 5160960 0 - 15
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\AVAST Software\Avast\defs\11120501\certs.map 12288 0 - 15
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\EULA.txt 8192 0 - 14
OnlineCmdLineScanner.exe 4824 C:\Netgear 4096 0 - 14
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Users\Administrator.TMoss-PC\Desktop\Junction.zip 12288 0 - 14
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\Nvcuvid.dl_ 32768 0 - 14
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi 43520 0 - 14
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\license.txt 15872 0 - 14
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\Setup.xml 22016 0 - 13
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvct.inf 32768 0 - 13
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvam.inf 32768 0 - 13
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST 32768 0 - 13
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvbl.inf 32768 0 - 13
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\ListDevices.txt 32768 0 - 13
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcompiler.dl_ 32768 0 - 12
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvdet.dl_ 1536 0 - 12
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml 6144 0 - 12
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Setup.cfg 7168 0 - 12
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir 20480 0 - 12
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvar.inf 32768 0 - 11
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\IObit\Advanced SystemCare 5 24576 0 - 11
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcuda.dl_ 32768 0 - 10
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvdecodemft.dl_ 32768 0 - 10
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\setup.exe 74240 0 - 10
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcv.inf 32768 0 - 10
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvapi.dl_ 32768 0 - 10
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\ID_1002F.DPC 2048 0 - 10
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm 27136 0 - 9
System 4 - 158196 589643 - 8
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvac.inf 32768 0 - 8
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C 8192 0 - 8
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\ose.exe 43008 0 - 8
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\license.txt 15872 0 - 8
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi 39424 0 - 6
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcuvenc.dl_ 32768 0 - 6
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll 95232 0 - 6
System 4 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\HomeStudentrWW.msi 3608576 0 - 6
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\dbInstaller.exe 101376 0 - 6
System 4 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\osetup.dll 233472 0 - 6
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\setup.exe 146432 0 - 6
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe 4096 0 - 6
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Windows\Web\Wallpaper 4096 0 - 5
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin 4096 0 - 5
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\CCleaner\CCleaner.exe 71680 0 - 5
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\Common Files\microsoft shared\ink 12288 0 - 5
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver 12288 0 - 5
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcompiler.dl_ 98304 0 - 4
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\DisplayDriverExt.dll 825344 0 - 4
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\ESET\ESET Online Scanner\OnlineScanner64.ocx 680960 0 - 4
System 4 C:\$LogFile (NTFS Volume Log) 0 23040815 - 4
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\Office64WW.msi 761856 0 - 3
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvct.inf 24064 0 - 3
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe 53248 0 - 3
OnlineCmdLineScanner.exe 4824 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvdispco32.dll 828416 0 - 3
System 4 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\osetupui.dll 98304 0 - 3
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\HomeStudentrWW.msi 6104576 0 - 3
System 4 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab 25287680 0 - 2
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\OWOW64WW.cab 425984 0 - 2
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\DisplayDriverExt.dll 163840 0 - 2
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\osetup.dll 6303744 0 - 2
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\Fingerprint Reader Suite\enrollbtn.exe 30720 0 - 2
System 4 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\HomeSrWW.cab 132852224 0 - 2
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\HomeSrWW.cab 8032256 0 - 2
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvapi.dl_ 98304 0 - 2
System 4 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi 98304 0 - 2
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\Nvcuvid.dl_ 98304 0 - 2
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcv.inf 97792 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcuvenc.dl_ 98304 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvcuda.dl_ 98304 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvd3dum.dl_ 98304 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\dbInstaller.exe 98304 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvd3d9wrap.dl_ 98304 0 - 1
System 4 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\Office64WW.msi 98304 0 - 1
System 4 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi 98304 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvdecodemft.dl_ 98304 0 - 1
System 4 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\setup.exe 98304 0 - 1
System 4 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\ose.exe 98304 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvam.inf 186368 0 - 1
System 4 C:\System Volume Information\{cec22018-1ccc-11e1-b6f5-001de0739ea3}{3808876b-c176-4e48-b7ae-04046e6cc752} 0 175510 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvac.inf 154112 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvdispco32.dll 151552 0 - 1
System 4 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\1033\dwintl20.dll 76288 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\setup.exe 204800 0 - 1
System 4 C:\MSOCache\All Users\{91120000-002F-0000-0000-0000000FF1CE}-C\OWOW64WW.cab 3725312 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\ListDevices.txt 59904 0 - 1
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NOD402.tmp 0 4096 - 1
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NOD1F49.tmp 0 4096 - 1
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NODE216.tmp 0 4096 - 1
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NOD185D.tmp 0 4096 - 1
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NODD817.tmp 0 4096 - 1
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NOD3431.tmp 0 4096 - 1
OnlineCmdLineScanner.exe 4824 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab 1404928 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvao.inf 53248 0 - 1
System 4 C:\Netgear\language.txt 49664 0 - 1
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvbl.inf 39936 0 - 1
System 4 C:\$Mft (NTFS Master File Table) 0 4096 - 0
svchost.exe (LocalServiceNetworkRestricted) 1096 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat 0 512 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp 0 4096 - 0
System 4 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST 29184 0 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local 0 4096 - 0
System 4 C:\MSOCache\All Users\{90120000-0115-0409-0000-0000000FF1CE}-C\setup.chm 20480 0 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NOD3A79.tmp 0 8192 - 0
OnlineCmdLineScanner.exe 4824 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NODBD00.tmp 4096 0 - 0
System 4 C:\$Mft (NTFS Master File Table) 0 11967 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NOD415B.tmp 0 8192 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NOD4A12.tmp 0 4096 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NODBD00.tmp 0 4096 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NODD03A.tmp 0 4096 - 0
System 4 C:\$BitMap (NTFS Free Space Map) 0 12031 - 0
System 4 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NODB9AD.tmp 0 4096 - 0
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvaa.inf 6656 0 - 0
OnlineCmdLineScanner.exe 4824 C:\Netgear\InitialNetgear.html 4608 0 - 0
OnlineCmdLineScanner.exe 4824 C:\Users\Administrator.TMoss-PC\AppData\Local\Temp\NODB9AD.tmp 4096 0 - 0
SearchIndexer.exe 2660 - 90112 0 - 0
svchost.exe (LocalSystemNetworkRestricted) 1176 C:\Program Files\Kodak\Kodak EasyShare software\bin 4096 0 - 0
System 4 C:\NVIDIA\DisplayDriver\280.26\WinVista_Win7\International\Display.Driver\nvar.inf 8192 0 - 0

 

[tmoss]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.TMoss-PC
->Temp folder emptied: 187311 bytes
->Temporary Internet Files folder emptied: 7245999 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5610035 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TMoss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser.TMoss-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser.TMoss-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.TMoss-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: TMoss
->Flash cache emptied: 0 bytes

User: UpdatusUser

User: UpdatusUser.TMoss-PC

User: UpdatusUser.TMoss-PC.000

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12062011_004348

Files\Folders moved on Reboot...
C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

\PIRRSBLE\topic174093[2].htm moved successfully.
C:\Users\Administrator.TMoss-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

\80822YQK\search[2].htm moved successfully.

Registry entries deleted on Reboot...

 

[tmoss]

Thank you so much for your help....A few older restore points are still there... Also I am not comfortable creating a new one with present issues such as everything we did pretty much got wrote back, firewall won't let me change settings, and modem/router is not secure....Not sure where to go from here....