# several apparent trojan worms in startup -- need help with removal



## human_error (Feb 5, 2010)

Recently my computer has begun to slow down to a crawl and the hard drive seems to run constantly. When I checked my startup, there are many files that seem to be trojans/worms. In addition, I've lost the "my computer" and "my document" icons on the desktop and the standard method of fixing it won't work because they are grayed out on the customize desktop window.

Any help would be truly appreciated.


----------



## human_error (Feb 5, 2010)

here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:39 PM, on 10/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9038 bytes


----------



## eddie5659 (Mar 19, 2001)

Hiya 

Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

Please include the *MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log *in your next reply

Regards

eddie


----------



## human_error (Feb 5, 2010)

I'm so grateful that you're going to help me.

Here are the logs you requested:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4971
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/27/2010 11:02:38 PM
mbam-log-2010-10-27 (23-02-38).txt
Scan type: Quick scan
Objects scanned: 141586
Time elapsed: 17 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/28/2010 at 02:01 AM
Application Version : 4.45.1000
Core Rules Database Version : 5771
Trace Rules Database Version: 3583
Scan type : Complete Scan
Total Scan Time : 02:37:51
Memory items scanned : 421
Memory threats detected : 0
Registry items scanned : 8276
Registry threats detected : 12
File items scanned : 148948
File threats detected : 126
Adware.IWinGames
HKLM\Software\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32#ThreadingModel
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ProgID
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\Programmable
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\VersionIndependentProgID
HKCR\IEHlprObj.IEHlprObj.1
HKCR\IEHlprObj.IEHlprObj.1\CLSID
HKCR\IEHlprObj.IEHlprObj
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL
HKU\S-1-5-21-299502267-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CA5ED52-F3FB-4414-A105-2E3491156990}
Adware.Tracking Cookie
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][3].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][4].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][4].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][4].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][5].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][3].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][5].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][1].txt
C:\Documents and Settings\The Cook's\Application Data\Earthlink\6.0\[email protected]\Cookies\the_cook'[email protected][2].txt
.doubleclick.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
view.atdmt.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\The Cook's\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\CORNICE\SUPPORT\SHLWAPI.DLL

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:10:07 AM, on 10/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9209 bytes

Thanks...


----------



## eddie5659 (Mar 19, 2001)

No problem 

Just posting this, as I have to leave for glorious work in 5 minutes, joy!!!! 

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## human_error (Feb 5, 2010)

I disabled AVG 2011, downloaded ComboFix, and ran it.

I can't find a log though. When I ran the ComboFix, it indicated several malware issues and I quarantined them. Not sure how to find the log tho. Tried search and still don't see it.


----------



## eddie5659 (Mar 19, 2001)

Is there nothing showing in the C Drive when you open up Windows Explorer? You're looking for a file called ComboFix.txt

If not, then open up Windows Explorer, and navigate to C:\Qoobox and locate this file:

*ComboFix-quarantined-files.txt*

And copy/paste the contents.

eddie


----------



## human_error (Feb 5, 2010)

I found that there was a second part of AVG that had to be disabled. I tried to run ComboFix and it completes to Stage_50. Then I get a blue screen error that reads in part:

A problem has been detected and windows has shut down to prevent damage to your computer.

BAD_POOL_HEADER

Technical information 0x00000019 (0x00000020, 0x821E970, 0x821E3D88, 0x1A830003)

Beginning dump of physical memory
Physical memory dump complete

I've tried running it twice and the same thing happened both times.

As far as My Computer and Explorer, both icons are missing and I've been unable to retrieve them. I did try searching for combofix.txt and it shows no log stored.


----------



## eddie5659 (Mar 19, 2001)

Maybe the fact it nearing Halloween is the reason, but a few people lately are having problems with any of the tools/fixes I post 

Okay, leave ComboFix for now, and we'll use the manual approach 

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


edie


----------



## human_error (Feb 5, 2010)

here is the OTL.txt log:

OTL logfile created on: 10/29/2010 4:31:56 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\The Cook's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 44.52 Gb Free Space | 59.76% Space Free | Partition Type: NTFS

Computer Name: VICKIS4600 | User Name: The Cook's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
PRC - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 16:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/08/03 09:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/03/05 19:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Unknown | Stopped] -- -- (idsvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/29 17:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/08/30 23:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2004/01/05 03:30:14 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THECOO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/10 07:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 07:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 07:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006/10/26 04:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/30 23:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/08 05:05:16 | 000,014,356 | ---- | M] (MainData s.r.o) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hnetsun.sys -- (HNetSuN)
DRV - [2003/08/28 19:58:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 74 26 AD 8C 2E CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2010/10/23 22:32:40 | 000,000,000 | ---D | M]

[2010/03/30 16:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions
[2010/03/30 16:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/03 22:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\[email protected]
[2010/05/21 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions
[2009/09/03 22:26:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 23:05:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/13 15:55:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/05/21 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\[email protected]
[2009/03/13 13:20:05 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\searchplugins\live-search.xml
[2009/11/30 10:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/20 17:30:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/17 18:28:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/10/17 18:28:01 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/12/15 12:59:16 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/12/15 12:59:08 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/02/12 23:37:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: usahc.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usateamcorp.com ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.gamehouse.com/games/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/26 17:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 16:30:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/10/28 20:14:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/28 20:14:03 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/28 20:14:03 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/28 20:14:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/28 20:14:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/28 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/28 20:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/28 19:49:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/28 18:23:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/28 18:23:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/28 18:23:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/28 18:23:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/28 17:44:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 22:24:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 19:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/24 01:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2010/10/24 01:25:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/24 01:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 01:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/24 01:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/23 22:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/10/23 22:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\WinRAR
[2010/10/23 22:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/23 22:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVS4YOU
[2010/10/23 22:28:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/23 22:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/23 22:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/10/23 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/10/23 22:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/10/23 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/10/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(3)
[2010/10/23 20:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games(4)
[2010/10/21 04:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(2)
[2010/10/08 02:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2010/10/07 01:55:51 | 000,000,000 | ---D | C] -- C:\FTRSettings
[2010/10/07 01:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/10/05 02:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games(2)
[2010/10/05 01:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Desktop\Samsung
[2010/10/05 01:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\.shcache
[2006/10/10 13:35:34 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/29 16:34:11 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
[2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/10/29 16:06:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 23:06:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 20:14:25 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 20:12:37 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 20:03:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 20:03:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 18:50:22 | 003,886,077 | R--- | M] () -- C:\Documents and Settings\The Cook's\Desktop\ComboFix.exe
[2010/10/28 02:10:07 | 000,009,210 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\hijackthis1028
[2010/10/28 02:07:32 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/27 22:24:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 05:11:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/10/24 01:40:53 | 000,407,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/24 00:34:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/24 00:26:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/22 14:58:00 | 000,439,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/22 14:58:00 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/08 20:35:23 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Microsoft Word.lnk
[2010/10/06 01:51:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/10/28 20:14:25 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 20:12:09 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 18:50:22 | 003,886,077 | R--- | C] () -- C:\Documents and Settings\The Cook's\Desktop\ComboFix.exe
[2010/10/28 18:23:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/28 18:23:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/28 18:23:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/28 02:10:07 | 000,009,210 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\hijackthis1028
[2010/10/24 19:48:02 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/22 14:43:14 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/10/22 14:43:14 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/10/22 14:43:14 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/10/22 14:43:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/10/22 14:43:14 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/10/22 14:43:13 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/10/22 14:43:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/10/22 14:43:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/10/22 14:43:13 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/10/22 14:43:13 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/10/22 14:43:13 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/10/06 01:51:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/09 14:48:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/09 14:48:50 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/09 14:48:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\$_hpcst$.hpc
[2010/02/19 15:51:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JPR.{PB
[2010/02/19 15:51:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JCM.{PB
[2009/10/17 23:51:36 | 000,207,184 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\c4u.log
[2009/10/17 16:20:56 | 000,016,130 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\clear.log
[2009/02/24 17:40:37 | 000,200,980 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\installer.log
[2008/03/16 20:53:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/16 19:38:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MVPWORD.INI
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/03/30 14:02:17 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/03 12:48:54 | 000,000,076 | ---- | C] () -- C:\WINDOWS\TwainUI.INI
[2006/10/26 18:38:42 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/26 18:38:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/19 20:03:33 | 000,001,567 | ---- | C] () -- C:\WINDOWS\bizpub32.INI
[2006/07/25 01:04:39 | 000,005,815 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/25 01:04:39 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/20 19:49:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/06/19 19:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2006/04/15 16:45:40 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/15 16:45:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/02/20 22:23:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/15 09:33:52 | 000,017,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/07 14:52:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\lcjd.dll
[2005/09/07 14:52:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\timejd.dll
[2005/02/24 14:08:56 | 000,004,981 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/21 15:56:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TV4PC.INI
[2004/10/12 12:33:25 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/05/20 13:10:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TwUI215.INI
[2004/03/27 13:41:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2004/03/26 19:53:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/03/26 19:23:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/26 18:50:55 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/26 18:34:27 | 000,001,613 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/03/26 18:20:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/03/26 11:56:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:35:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 16:26:42 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/05/13 11:28:52 | 001,132,032 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/04/04 12:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll

========== LOP Check ==========

[2009/03/27 00:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/08/13 22:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/03/15 16:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/28 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/08/19 11:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/10/24 01:25:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/19 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/03/30 12:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/04/10 17:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/03 19:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/04/05 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/07/15 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2006/11/02 03:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HSLAB
[2009/03/29 15:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/03/07 16:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/10/01 20:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/11/19 11:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/10/24 01:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/17 20:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/08/14 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/10/03 00:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/18 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2009/05/20 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/23 22:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/04 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/01/15 22:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/11/15 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2009/04/12 02:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2007/12/06 02:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/01/18 17:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2007/10/07 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2010/03/20 00:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/10/24 05:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/01 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2009/09/03 22:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/10/31 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/12 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/01/22 20:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/06/09 14:00:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2006/10/31 18:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Aim
[2009/07/04 21:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AlwaysNeat
[2010/10/24 01:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2009/07/08 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\cerasus.media
[2010/09/09 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\CocoonSoftware
[2004/03/26 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Earthlink
[2010/01/31 15:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\EnchantedCavern
[2008/09/03 20:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Eyeblaster
[2009/05/21 02:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FairyTale
[2010/10/29 13:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FileZilla
[2010/10/24 00:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FilmLoop
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Flood Light Games
[2010/01/15 22:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Friday's games
[2009/08/19 16:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\funkitron
[2009/03/13 11:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameHouse
[2010/04/14 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameMill Entertainment
[2008/01/13 22:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GetRightToGo
[2009/07/15 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Gogii Games
[2008/01/13 19:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\gtk-2.0
[2006/11/02 03:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\HSLAB
[2010/03/05 05:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\IronCode
[2009/04/04 15:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Jetsetter
[2009/03/10 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\JewelMatch2
[2004/03/28 07:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Leadertech
[2008/10/15 20:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\LTOA
[2009/04/18 18:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Meridian93
[2006/08/30 04:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Netscape
[2010/09/09 14:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PC Suite
[2008/10/19 20:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Pi Eye Games
[2009/03/04 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PlayFirst
[2009/04/12 02:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PoBros
[2009/05/26 04:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PreCast
[2010/04/15 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Purple Patch Games
[2004/10/07 18:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\RhinoSoft.com
[2010/09/09 14:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Samsung
[2009/07/01 22:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\StoneLoopsRL
[2010/09/23 15:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Temp
[2006/06/19 08:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\The Labyrinth Plus! Edition
[2010/03/30 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Thunderbird
[2010/01/23 21:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\TMInc
[2009/05/24 16:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Total Eclipse
[2006/10/03 19:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Ulead Systems
[2009/06/30 04:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\URSE Games
[2009/04/12 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Valusoft
[2006/11/05 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Wildfire
[2010/10/29 16:34:11 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85DBC22B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP16E7091
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30AF8E0D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6426C0E9
< End of report >


----------



## human_error (Feb 5, 2010)

and here is the Extras.Txt log: 

OTL Extras logfile created on: 10/29/2010 4:31:56 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\The Cook's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 266.00 Mb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 44.52 Gb Free Space | 59.76% Space Free | Partition Type: NTFS

Computer Name: VICKIS4600 | User Name: The Cook's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (KODAK)
"C:\Program Files\FileZilla Client\filezilla.exe" = C:\Program Files\FileZilla Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218F4044-888B-4D2B-9536-654E412C8F53}" = Design & Print, Business Edition
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115313460}" = Enchanted Cavern
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Wireless Keyboard & Mouse Driver
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"040a_5005" = USB MassStorage CardReader
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"3D Windows XP" = 3D Windows XP Screen Saver
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"amg-bricksofegypt" = Bricks of Egypt
"amg-worldadventure" = World Adventure
"Annabel" = Annabel
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst
"Bookworm Deluxe 1.13" = Bookworm Deluxe 1.13
"Brain Games Brain Teasers" = Brain Games Brain Teasers 
"Call of Atlantis" = Call of Atlantis
"Carbonite Backup" = Carbonite
"Caribbean Explorer_is1" = Caribbean Explorer 1.0.0.9
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cornice_is1" = Cornice 0.6.1
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Cubis Gold 2" = Cubis Gold 2
"Diamond Detective" = Diamond Detective
"eGames GameButler" = eGames GameButler
"ExtractNow_is1" = ExtractNow
"Farm Frenzy  Pizza Party!" = Farm Frenzy  Pizza Party!
"FileZilla Client" = FileZilla Client 3.3.4.1
"FTR Gold" = FTR Gold
"FTR Log Notes" = FTR Log Notes
"GameHouse" = GameHouse
"getPlus(R)_dll" = getPlus(R)_dll
"Hawaiian Explorer Lost Island_is1" = Hawaiian Explorer Lost Island 1.0.0.9
"Hawaiian Explorer Pearl Harbor_is1" = Hawaiian Explorer Pearl Harbor 1.0.0.30
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Insider Tales  The stolen Venus" = Insider Tales  The stolen Venus
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Wireless Keyboard & Mouse Driver
"InstallShield_{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iWinArcade" = iWin Games (remove only)
"Jewel Of Atlantis_is1" = Jewel Of Atlantis
"Jewel Quest III" = Jewel Quest III (remove only)
"Jewel Quest Mysteries: Curse of the Emerald Tear" = Jewel Quest Mysteries: Curse of the Emerald Tear (remove only)
"Lexicon" = Lexicon
"Lexicon Special Edition" = Lexicon Special Edition
"Lost Secrets Bermuda Triangle" = Lost Secrets Bermuda Triangle
"Magic Encyclopedia. First Story" = Magic Encyclopedia. First Story
"Mah Jong Quest" = Mah Jong Quest (remove only)
"Margrave Manor 2" = Margrave Manor 2 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"OpenAL" = OpenAL
"Playsushi" = Playsushi
"PreCast" = Ocucom PreCast 1.6
"RealPlayer 6.0" = RealPlayer
"Rightdown SoftwareRightdown Software SearchBar" = Rightdown Software - Toolbar
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SCRABBLE" = SCRABBLE
"SP6" = Logitech SetPoint 6.0
"The Curse Of Montezuma" = The Curse Of Montezuma
"Treasure Masters, Inc." = Treasure Masters, Inc.
"TruVoice" = Lernout & Hauspie TruVoice for Microsoft Agent
"VIVAGplayer" = VIVA MEDIA GAME CENTER
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Games Player Plugin" = Web Games Player Plugin
"WebIQ" = WebIQ Client Software
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Womens Murder Club - Death in Scarlet_is1" = Womens Murder Club - Death in Scarlet
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2010 5:41:41 AM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 10/24/2010 5:52:04 AM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 10/24/2010 7:41:41 AM | Computer Name = VICKIS4600 | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/24/2010 7:42:50 AM | Computer Name = VICKIS4600 | Source = Application Hang | ID = 1001
Description = Fault bucket 502380885.

Error - 10/25/2010 11:05:11 AM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 10/27/2010 10:51:02 PM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 10/28/2010 2:30:46 AM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 10/28/2010 6:59:09 PM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 10/28/2010 7:25:09 PM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

Error - 10/28/2010 8:24:36 PM | Computer Name = VICKIS4600 | Source = .NET Runtime Optimization Service | ID = 1110
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service Manager returned a fatal error (0x80004002). Will stop service

[ System Events ]
Error - 10/27/2010 10:25:34 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7034
Description = The Kodak AiO Network Discovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/27/2010 10:25:36 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/27/2010 10:26:23 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the CarboniteService service, 
but this action failed with the following error: %%1056

Error - 10/28/2010 8:34:16 AM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avgwd service.

Error - 10/28/2010 6:45:28 PM | Computer Name = VICKIS4600 | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 821df5d8, parameter3
821df9f0, parameter4 1a830004.

Error - 10/28/2010 7:10:06 PM | Computer Name = VICKIS4600 | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 821e3970, parameter3
821e3d88, parameter4 1a830003.

Error - 10/28/2010 7:38:46 PM | Computer Name = VICKIS4600 | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 828a6100, parameter3
828a6518, parameter4 1a830002.

Error - 10/28/2010 8:03:58 PM | Computer Name = VICKIS4600 | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 822d92c0, parameter3
822d96d8, parameter4 1a830003.

Error - 10/28/2010 8:14:39 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7000
Description = The avipbb service failed to start due to the following error: %%31

Error - 10/28/2010 8:14:41 PM | Computer Name = VICKIS4600 | Source = Service Control Manager | ID = 7000
Description = The avipbb service failed to start due to the following error: %%31

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Bit confused, as you said that you were trying to disable AVG, but the only Antivirus that you have running is this one:

*Avira AntiVir Personal*

And this is how to disable it:

- Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background.
- Right click it-> untick the option *AntiVir Guard enable*
- You should now see a closed, white umbrella on a red background

------

Anyway, for the moment can you do this:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85DBC22B
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP16E7091
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30AF8E0D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6426C0E9
:Files
C:\Program Files\PlaySushi
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Let the program run unhindered, reboot the PC when it is done 
Open OTL again and click the *Quick Scan* button. Post the log it produces in your next reply. 

eddie


----------



## human_error (Feb 5, 2010)

When I was unable to run ComboFix, i thought perhaps it was because i was only able to disable AVG for 15 minutes maximum and the scan was taking longer. So I uninstalled AVG. Then I installed Avivra as an alternative, hoping that I could get ComboFix to perform, which didn't ultimately happen.

Sorry for the confusion. I'll continue on with your instructions now.


----------



## human_error (Feb 5, 2010)

here is the OTL log:

OTL logfile created on: 10/31/2010 5:42:13 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\The Cook's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 44.49 Gb Free Space | 59.72% Space Free | Partition Type: NTFS

Computer Name: VICKIS4600 | User Name: The Cook's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
PRC - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 16:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/08/03 09:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/03/05 19:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Unknown | Stopped] -- -- (idsvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/29 17:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/08/30 23:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2004/01/05 03:30:14 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THECOO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/10 07:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 07:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 07:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006/10/26 04:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/30 23:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/08 05:05:16 | 000,014,356 | ---- | M] (MainData s.r.o) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hnetsun.sys -- (HNetSuN)
DRV - [2003/08/28 19:58:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 74 26 AD 8C 2E CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2010/10/23 22:32:40 | 000,000,000 | ---D | M]

[2010/03/30 16:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions
[2010/03/30 16:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/03 22:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\[email protected]
[2010/05/21 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions
[2009/09/03 22:26:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 23:05:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/13 15:55:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/05/21 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\[email protected]
[2009/03/13 13:20:05 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\searchplugins\live-search.xml
[2009/11/30 10:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/20 17:30:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/17 18:28:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/10/17 18:28:01 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/12/15 12:59:16 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/12/15 12:59:08 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/10/31 17:37:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: usahc.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usateamcorp.com ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.gamehouse.com/games/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/26 17:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/31 17:35:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/29 16:30:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/10/28 20:14:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/28 20:14:03 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/28 20:14:03 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/28 20:14:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/28 20:14:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/28 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/28 20:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/28 19:49:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/28 18:23:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/28 18:23:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/28 18:23:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/28 18:23:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/28 17:44:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 22:24:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 19:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/24 01:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2010/10/24 01:25:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/24 01:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 01:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/24 01:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/23 22:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/10/23 22:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\WinRAR
[2010/10/23 22:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/23 22:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVS4YOU
[2010/10/23 22:28:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/23 22:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/23 22:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/10/23 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/10/23 22:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/10/23 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/10/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(3)
[2010/10/23 20:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games(4)
[2010/10/21 04:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(2)
[2010/10/08 02:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2010/10/07 01:55:51 | 000,000,000 | ---D | C] -- C:\FTRSettings
[2010/10/07 01:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/10/05 02:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games(2)
[2010/10/05 01:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Desktop\Samsung
[2010/10/05 01:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\.shcache
[2006/10/10 13:35:34 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 17:41:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/31 17:39:42 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/31 17:39:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 17:37:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/31 17:34:28 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
[2010/10/31 17:06:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/31 00:56:20 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/10/30 18:26:04 | 000,234,601 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housefront2.jpg
[2010/10/30 18:25:53 | 000,363,427 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseview.jpg
[2010/10/30 18:25:37 | 000,267,410 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housecarback.jpg
[2010/10/30 18:14:47 | 000,273,365 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseback.jpg
[2010/10/30 18:14:27 | 000,165,758 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseshop.jpg
[2010/10/30 18:14:20 | 000,219,051 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseliving.jpg
[2010/10/30 18:14:08 | 000,251,224 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housekitchen.jpg
[2010/10/30 18:13:54 | 000,247,794 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housedining.jpg
[2010/10/30 17:23:28 | 000,311,333 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housefront.jpg
[2010/10/30 17:23:23 | 000,259,814 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housegarage.jpg
[2010/10/30 17:22:32 | 000,280,102 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseriver.jpg
[2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/10/28 20:14:25 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 20:12:37 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 18:50:22 | 003,886,077 | R--- | M] () -- C:\Documents and Settings\The Cook's\Desktop\ComboFix.exe
[2010/10/28 02:10:07 | 000,009,210 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\hijackthis1028
[2010/10/28 02:07:32 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/27 22:24:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 05:11:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/10/24 01:40:53 | 000,407,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/24 00:34:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/24 00:26:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/22 14:58:00 | 000,439,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/22 14:58:00 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/08 20:35:23 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Microsoft Word.lnk
[2010/10/06 01:51:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/10/30 18:26:04 | 000,234,601 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housefront2.jpg
[2010/10/30 18:25:53 | 000,363,427 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseview.jpg
[2010/10/30 18:25:37 | 000,267,410 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housecarback.jpg
[2010/10/30 18:14:47 | 000,273,365 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseback.jpg
[2010/10/30 18:14:27 | 000,165,758 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseshop.jpg
[2010/10/30 18:14:20 | 000,219,051 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseliving.jpg
[2010/10/30 18:14:08 | 000,251,224 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housekitchen.jpg
[2010/10/30 18:13:54 | 000,247,794 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housedining.jpg
[2010/10/30 17:23:28 | 000,311,333 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housefront.jpg
[2010/10/30 17:23:23 | 000,259,814 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housegarage.jpg
[2010/10/30 17:22:31 | 000,280,102 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseriver.jpg
[2010/10/28 20:14:25 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 20:12:09 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 18:50:22 | 003,886,077 | R--- | C] () -- C:\Documents and Settings\The Cook's\Desktop\ComboFix.exe
[2010/10/28 18:23:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/28 18:23:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/28 18:23:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/28 02:10:07 | 000,009,210 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\hijackthis1028
[2010/10/24 19:48:02 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/22 14:43:14 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/10/22 14:43:14 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/10/22 14:43:14 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/10/22 14:43:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/10/22 14:43:14 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/10/22 14:43:13 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/10/22 14:43:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/10/22 14:43:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/10/22 14:43:13 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/10/22 14:43:13 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/10/22 14:43:13 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/10/06 01:51:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/09 14:48:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/09 14:48:50 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/09 14:48:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\$_hpcst$.hpc
[2010/02/19 15:51:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JPR.{PB
[2010/02/19 15:51:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JCM.{PB
[2009/10/17 23:51:36 | 000,207,184 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\c4u.log
[2009/10/17 16:20:56 | 000,016,130 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\clear.log
[2009/02/24 17:40:37 | 000,200,980 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\installer.log
[2008/03/16 20:53:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/16 19:38:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MVPWORD.INI
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/03/30 14:02:17 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/03 12:48:54 | 000,000,076 | ---- | C] () -- C:\WINDOWS\TwainUI.INI
[2006/10/26 18:38:42 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/26 18:38:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/19 20:03:33 | 000,001,567 | ---- | C] () -- C:\WINDOWS\bizpub32.INI
[2006/07/25 01:04:39 | 000,005,815 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/25 01:04:39 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/20 19:49:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/06/19 19:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2006/04/15 16:45:40 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/15 16:45:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/02/20 22:23:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/15 09:33:52 | 000,017,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/07 14:52:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\lcjd.dll
[2005/09/07 14:52:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\timejd.dll
[2005/02/24 14:08:56 | 000,004,981 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/21 15:56:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TV4PC.INI
[2004/10/12 12:33:25 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/05/20 13:10:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TwUI215.INI
[2004/03/27 13:41:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2004/03/26 19:53:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/03/26 19:23:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/26 18:50:55 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/26 18:34:27 | 000,001,613 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/03/26 18:20:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/03/26 11:56:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:35:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 16:26:42 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/05/13 11:28:52 | 001,132,032 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/04/04 12:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll

========== LOP Check ==========

[2009/03/27 00:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/08/13 22:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/03/15 16:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/28 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/08/19 11:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/10/24 01:25:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/19 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/03/30 12:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/04/10 17:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/03 19:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/04/05 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/07/15 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2006/11/02 03:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HSLAB
[2009/03/29 15:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/03/07 16:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/10/01 20:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/11/19 11:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/10/24 01:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/17 20:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/08/14 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/10/03 00:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/18 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2009/05/20 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/23 22:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/04 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/01/15 22:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/11/15 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2009/04/12 02:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2007/12/06 02:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/01/18 17:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2007/10/07 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2010/03/20 00:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/10/24 05:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/01 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2009/09/03 22:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/10/31 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/12 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/01/22 20:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/06/09 14:00:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2006/10/31 18:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Aim
[2009/07/04 21:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AlwaysNeat
[2010/10/24 01:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2009/07/08 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\cerasus.media
[2010/09/09 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\CocoonSoftware
[2004/03/26 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Earthlink
[2010/01/31 15:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\EnchantedCavern
[2008/09/03 20:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Eyeblaster
[2009/05/21 02:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FairyTale
[2010/10/29 19:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FileZilla
[2010/10/24 00:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FilmLoop
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Flood Light Games
[2010/01/15 22:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Friday's games
[2009/08/19 16:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\funkitron
[2009/03/13 11:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameHouse
[2010/04/14 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameMill Entertainment
[2008/01/13 22:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GetRightToGo
[2009/07/15 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Gogii Games
[2008/01/13 19:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\gtk-2.0
[2006/11/02 03:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\HSLAB
[2010/03/05 05:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\IronCode
[2009/04/04 15:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Jetsetter
[2009/03/10 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\JewelMatch2
[2004/03/28 07:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Leadertech
[2008/10/15 20:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\LTOA
[2009/04/18 18:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Meridian93
[2006/08/30 04:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Netscape
[2010/09/09 14:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PC Suite
[2008/10/19 20:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Pi Eye Games
[2009/03/04 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PlayFirst
[2009/04/12 02:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PoBros
[2009/05/26 04:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PreCast
[2010/04/15 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Purple Patch Games
[2004/10/07 18:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\RhinoSoft.com
[2010/09/09 14:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Samsung
[2009/07/01 22:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\StoneLoopsRL
[2010/09/23 15:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Temp
[2006/06/19 08:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\The Labyrinth Plus! Edition
[2010/03/30 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Thunderbird
[2010/01/23 21:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\TMInc
[2009/05/24 16:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Total Eclipse
[2006/10/03 19:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Ulead Systems
[2009/06/30 04:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\URSE Games
[2009/04/12 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Valusoft
[2006/11/05 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Wildfire
[2010/10/31 17:34:28 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP16E7091
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
< End of report >


----------



## eddie5659 (Mar 19, 2001)

Oki doki, we'll remove the folders that AVG left at the end 

Download the *GMER Rootkit Scanner*. Unzip it to your Desktop.

*Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.*

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double-click *gmer.exe*. The program will begin to run.

***Caution***
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click *NO*
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is *un-checked*.
Now click the Scan button.
_Once the scan is complete, you may receive another notice about rootkit activity._
Click OK.
GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "*GMER.txt*" 
Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

eddie


----------



## human_error (Feb 5, 2010)

I disabled Avira and my firewall. I downloaded GMER and saved to my desktop. As soon as I double-clicked GMER, I once again got a blue screen error which immediately shut down the OS.

Please don't give up on me.  I'm totally clueless on how to get past this "serious Microsoft error" (as the popup tells me when trying to run ComboFix as well as GMER).

As always, your help is sincerely appreciated.

Vicki


----------



## eddie5659 (Mar 19, 2001)

Hmmm, lets try a chkdsk to see if that helps with the problems..

Start and then to Run
Type in *Chkdsk /r* Note the space between k and /
Click Enter ...It will probably ask if you want to do this on the next reboot...click Y

Then reboot manually if it doesn't restart automatically.

----------------------------

After restarting after its done its scan (it can take a while, so grab a cuppa), run this tool instead, hopefully this works.

Download *RootRepeal* from one of the following locations and save it to your desktop:
*Link 1*
*Link 2*
*Link 3*

Double click







to start the program
Click on the *Report* tab at the bottom of the program window
Click the







button
In the *Select Scan* dialog, check:
*
[*]Drivers
[*]Files
[*]Processes
[*]SSDT
[*]Stealth Objects
[*]Hidden Services
[*]Shadow SSDT*

Click the *OK* button
In the next dialog, select *all drives* showing
Click *OK* to start the scan
_Note: The scan can take some time. *DO NOT* run any other programs while the scan is running_​
When the scan is complete, click the







button and save the report to your Desktop as *RootRepeal.txt*
Go to *File*, then *Exit* to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. *If the report is very long*, it will not be complete if you post it, so please *attach* it to your reply instead.
Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  ) [/list]











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *RootRepeal.txt * on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------



## human_error (Feb 5, 2010)

Chkdsk /r ran fine.

I downloaded RootRepeal and saved to desktop.

When I start the program, a popup appears that says initializing program. And then nothing happens. When I look at task manager, it says the program is not responding. I've tried it twice and both times let it run for approx. 20 minutes. Both times, the initializing screen is the only thing I see.

Perhaps I'm not waiting long enough for it to start. Please let me know if I should be giving it more time to initialize and begin.

Thanks, Eddie.

Vicki


----------



## eddie5659 (Mar 19, 2001)

Can you do this for me, then run the online scan below:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\WINDOWS\Tasks\User_Feed_Synchronization-{E44811A9-3D4A-4673-864C-58B0C09CE97C}.job
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Let the program run unhindered, reboot the PC when it is done 
Open OTL again and click the *Quick Scan* button. Post the log it produces in your next reply. 

=======================

Lets see if the online scan picks up anything:

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
[*]Spyware, adware, dialers, and other riskware
[*]Archives
[*]E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
 Click the *Save report...* button.










 Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply

eddie


----------



## human_error (Feb 5, 2010)

here is the new OTL.txt log

OTL logfile created on: 11/3/2010 6:58:24 PM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\The Cook's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 121.00 Mb Available Physical Memory | 24.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 44.62 Gb Free Space | 59.90% Space Free | Partition Type: NTFS

Computer Name: VICKIS4600 | User Name: The Cook's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
PRC - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 16:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/08/03 09:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/03/05 19:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Unknown | Stopped] -- -- (idsvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/02 11:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/29 17:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/03 16:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/08/30 23:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2004/01/05 03:30:14 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THECOO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/10 07:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 07:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 07:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/03/29 15:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006/10/26 04:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/30 23:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/06 14:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/08 05:05:16 | 000,014,356 | ---- | M] (MainData s.r.o) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hnetsun.sys -- (HNetSuN)
DRV - [2003/08/28 19:58:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 74 26 AD 8C 2E CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2010/10/23 22:32:40 | 000,000,000 | ---D | M]

[2010/03/30 16:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions
[2010/03/30 16:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/03 22:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\[email protected]
[2010/05/21 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions
[2009/09/03 22:26:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 23:05:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/13 15:55:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/05/21 15:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\[email protected]
[2009/03/13 13:20:05 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\searchplugins\live-search.xml
[2009/11/30 10:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/20 17:30:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/17 18:28:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/10/17 18:28:01 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/12/15 12:59:16 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/12/15 12:59:08 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/11/03 18:50:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: usahc.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usateamcorp.com ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.gamehouse.com/games/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/26 17:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 21:15:47 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\The Cook's\Desktop\RootRepeal.exe
[2010/11/02 01:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\Avira
[2010/10/31 17:35:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/29 16:30:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/10/28 20:14:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/28 20:14:03 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/28 20:14:03 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/28 20:14:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/28 20:14:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/28 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/28 20:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/28 19:49:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/28 18:23:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/28 18:23:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/28 18:23:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/28 18:23:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/28 17:44:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 22:24:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 19:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/24 01:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2010/10/24 01:25:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/24 01:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 01:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/24 01:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/23 22:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/10/23 22:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\WinRAR
[2010/10/23 22:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/23 22:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVS4YOU
[2010/10/23 22:28:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/23 22:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/23 22:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/10/23 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/10/23 22:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/10/23 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/10/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(3)
[2010/10/23 20:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games(4)
[2010/10/21 04:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(2)
[2010/10/08 02:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2010/10/07 01:55:51 | 000,000,000 | ---D | C] -- C:\FTRSettings
[2010/10/07 01:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010/10/05 02:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games(2)
[2010/10/05 01:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Desktop\Samsung
[2010/10/05 01:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\.shcache
[2006/10/10 13:35:34 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/03 18:57:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/03 18:56:04 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/03 18:55:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 18:50:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/03 18:06:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/02 21:15:51 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\The Cook's\Desktop\RootRepeal.exe
[2010/11/02 01:49:35 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\gmer.zip
[2010/10/31 00:56:20 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/10/30 18:26:04 | 000,234,601 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housefront2.jpg
[2010/10/30 18:25:53 | 000,363,427 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseview.jpg
[2010/10/30 18:25:37 | 000,267,410 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housecarback.jpg
[2010/10/30 18:14:47 | 000,273,365 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseback.jpg
[2010/10/30 18:14:27 | 000,165,758 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseshop.jpg
[2010/10/30 18:14:20 | 000,219,051 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseliving.jpg
[2010/10/30 18:14:08 | 000,251,224 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housekitchen.jpg
[2010/10/30 18:13:54 | 000,247,794 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housedining.jpg
[2010/10/30 17:23:28 | 000,311,333 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housefront.jpg
[2010/10/30 17:23:23 | 000,259,814 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housegarage.jpg
[2010/10/30 17:22:32 | 000,280,102 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseriver.jpg
[2010/10/29 16:31:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/10/28 20:14:25 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 20:12:37 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 02:07:32 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/27 22:24:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 05:11:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/10/24 01:40:53 | 000,407,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/24 00:34:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/24 00:26:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/22 14:58:00 | 000,439,178 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/22 14:58:00 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/08 20:35:23 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Microsoft Word.lnk
[2010/10/06 01:51:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/11/02 01:49:34 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\gmer.zip
[2010/10/30 18:26:04 | 000,234,601 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housefront2.jpg
[2010/10/30 18:25:53 | 000,363,427 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseview.jpg
[2010/10/30 18:25:37 | 000,267,410 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housecarback.jpg
[2010/10/30 18:14:47 | 000,273,365 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseback.jpg
[2010/10/30 18:14:27 | 000,165,758 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseshop.jpg
[2010/10/30 18:14:20 | 000,219,051 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseliving.jpg
[2010/10/30 18:14:08 | 000,251,224 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housekitchen.jpg
[2010/10/30 18:13:54 | 000,247,794 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housedining.jpg
[2010/10/30 17:23:28 | 000,311,333 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housefront.jpg
[2010/10/30 17:23:23 | 000,259,814 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housegarage.jpg
[2010/10/30 17:22:31 | 000,280,102 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseriver.jpg
[2010/10/28 20:14:25 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 20:12:09 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 18:23:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/28 18:23:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/28 18:23:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/24 19:48:02 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/22 14:43:14 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/10/22 14:43:14 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/10/22 14:43:14 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/10/22 14:43:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/10/22 14:43:14 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/10/22 14:43:13 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/10/22 14:43:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/10/22 14:43:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/10/22 14:43:13 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/10/22 14:43:13 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/10/22 14:43:13 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/10/06 01:51:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/09 14:48:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/09 14:48:50 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/09 14:48:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\$_hpcst$.hpc
[2010/02/19 15:51:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JPR.{PB
[2010/02/19 15:51:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JCM.{PB
[2009/10/17 23:51:36 | 000,207,184 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\c4u.log
[2009/10/17 16:20:56 | 000,016,130 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\clear.log
[2009/02/24 17:40:37 | 000,200,980 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\installer.log
[2008/03/16 20:53:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/16 19:38:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MVPWORD.INI
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/03/30 14:02:17 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/03 12:48:54 | 000,000,076 | ---- | C] () -- C:\WINDOWS\TwainUI.INI
[2006/10/26 18:38:42 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/26 18:38:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/19 20:03:33 | 000,001,567 | ---- | C] () -- C:\WINDOWS\bizpub32.INI
[2006/07/25 01:04:39 | 000,005,815 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/25 01:04:39 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/20 19:49:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/06/19 19:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2006/04/15 16:45:40 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/15 16:45:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/02/20 22:23:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/15 09:33:52 | 000,017,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/07 14:52:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\lcjd.dll
[2005/09/07 14:52:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\timejd.dll
[2005/02/24 14:08:56 | 000,004,981 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/21 15:56:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TV4PC.INI
[2004/10/12 12:33:25 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/05/20 13:10:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TwUI215.INI
[2004/03/27 13:41:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2004/03/26 19:53:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/03/26 19:23:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/26 18:50:55 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/26 18:34:27 | 000,001,613 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/03/26 18:20:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/03/26 11:56:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/06 14:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:35:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 16:26:42 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/05/13 11:28:52 | 001,132,032 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/04/04 12:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll

========== LOP Check ==========

[2009/03/27 00:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/11/02 02:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/03/15 16:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/28 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/08/19 11:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/10/24 01:25:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/19 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/03/30 12:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/04/10 17:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/03 19:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/04/05 18:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/07/15 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2006/11/02 03:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HSLAB
[2009/03/29 15:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/03/07 16:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/10/01 20:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/11/19 11:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/10/24 01:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/17 20:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/08/14 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/10/03 00:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/18 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2009/05/20 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/23 22:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/04 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/01/15 22:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/11/15 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2009/04/12 02:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2007/12/06 02:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/01/18 17:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2007/10/07 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2010/03/20 00:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/10/31 23:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/01 21:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2009/09/03 22:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/10/31 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/12 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/01/22 20:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/06/09 14:00:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2006/10/31 18:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Aim
[2009/07/04 21:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AlwaysNeat
[2010/10/24 01:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2009/07/08 00:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\cerasus.media
[2010/09/09 15:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\CocoonSoftware
[2004/03/26 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Earthlink
[2010/01/31 15:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\EnchantedCavern
[2008/09/03 20:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Eyeblaster
[2009/05/21 02:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FairyTale
[2010/11/02 19:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FileZilla
[2010/10/24 00:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FilmLoop
[2010/03/11 00:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Flood Light Games
[2010/01/15 22:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Friday's games
[2009/08/19 16:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\funkitron
[2009/03/13 11:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameHouse
[2010/04/14 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameMill Entertainment
[2008/01/13 22:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GetRightToGo
[2009/07/15 13:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Gogii Games
[2008/01/13 19:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\gtk-2.0
[2006/11/02 03:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\HSLAB
[2010/03/05 05:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\IronCode
[2009/04/04 15:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Jetsetter
[2009/03/10 20:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\JewelMatch2
[2004/03/28 07:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Leadertech
[2008/10/15 20:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\LTOA
[2009/04/18 18:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Meridian93
[2006/08/30 04:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Netscape
[2010/09/09 14:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PC Suite
[2008/10/19 20:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Pi Eye Games
[2009/03/04 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PlayFirst
[2009/04/12 02:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PoBros
[2009/05/26 04:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PreCast
[2010/04/15 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Purple Patch Games
[2004/10/07 18:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\RhinoSoft.com
[2010/09/09 14:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Samsung
[2009/07/01 22:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\StoneLoopsRL
[2010/09/23 15:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Temp
[2006/06/19 08:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\The Labyrinth Plus! Edition
[2010/03/30 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Thunderbird
[2010/01/23 21:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\TMInc
[2009/05/24 16:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Total Eclipse
[2006/10/03 19:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Ulead Systems
[2009/06/30 04:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\URSE Games
[2009/04/12 15:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Valusoft
[2006/11/05 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Wildfire

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP16E7091
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
< End of report >


----------



## human_error (Feb 5, 2010)

And the Kas Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 4, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 04, 2010 14:55:09
Records in database: 4212653
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Objects scanned: 189041
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:42:18

File name / Threat / Threats count
C:\System Volume Information\_restore{22894B24-AA34-4B7C-8560-8192ABCA31F3}\RP275\A0077707.dll Infected: Backdoor.Win32.IRCNite.bti 1
Selected area has been scanned.


----------



## eddie5659 (Mar 19, 2001)

Okay, lets try this tool, but if that doesn't work in normal mode, can you try it in safe mode:

Download SysProt Antirootkit

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.

Click on the Log tab.

In the Write to log box select all items.

Click on the Create Log button on the bottom right.

After a few seconds a new Window should appear.

Make sure Scan all drives is selected and click on the Start button.

When it is complete a new Window will appear to indicate that the scan is finished.

The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.


----------



## human_error (Feb 5, 2010)

SysProt log:

SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: SYSTEM
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 376
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 424
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 448
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 492
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 504
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 700
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 768
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 808
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 860
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 968
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 1172
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1264
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1348
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1392
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 1488
Hidden: No
Window Visible: No
Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1540
Hidden: No
Window Visible: No
Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PID: 1564
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\FsUsbExService.Exe
PID: 1636
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PID: 1656
Hidden: No
Window Visible: No
Name: C:\Program Files\iWin Games\iWinTrusted.exe
PID: 1744
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1788
Hidden: No
Window Visible: No
Name: C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PID: 1852
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 1900
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 2036
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\locator.exe
PID: 172
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 208
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wscntfy.exe
PID: 1824
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 1944
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PID: 2184
Hidden: No
Window Visible: No
Name: C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PID: 2208
Hidden: No
Window Visible: No
Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2384
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 2412
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ctfmon.exe
PID: 2516
Hidden: No
Window Visible: No
Name: C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PID: 2540
Hidden: No
Window Visible: No
Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 3020
Hidden: No
Window Visible: No
Name: C:\WINDOWS\explorer.exe
PID: 3580
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\The Cook's\Desktop\SysProt\SysProt\SysProt.exe
PID: 2984
Hidden: No
Window Visible: Yes
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\The Cook's\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: F225D000
Module End: F2268000
Hidden: No
Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806EDA80
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806EE000
Module End: 8070E300
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F89F6000
Module End: F89F8000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F8906000
Module End: F8909000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F84A7000
Module End: F84D5000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F89F8000
Module End: F89FA000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F8496000
Module End: F84A7000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F84F6000
Module End: F8500000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F8ABE000
Module End: F8ABF000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F8776000
Module End: F877D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F8506000
Module End: F8511000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F8477000
Module End: F8496000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F877E000
Module End: F8783000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F8516000
Module End: F8523000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F845F000
Module End: F8477000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F8526000
Module End: F852F000
Hidden: No
Module Name: \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F8536000
Module End: F8543000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F843F000
Module End: F845F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F842D000
Module End: F843F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F8786000
Module End: F878B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys
Service Name: drvmcdb
Module Base: F8418000
Module End: F842D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F8401000
Module End: F8418000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F8374000
Module End: F8401000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F8347000
Module End: F8374000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F832D000
Module End: F8347000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: F8546000
Module End: F8551000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F8716000
Module End: F871F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F772F000
Module End: F7895000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F771B000
Module End: F772F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F87BE000
Module End: F87C4000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F76F7000
Module End: F771B000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F87C6000
Module End: F87CE000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys
Service Name: HSFHWBS2
Module Base: F76C3000
Module End: F76F7000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ks.sys
Service Name: ---
Module Base: F76A0000
Module End: F76C3000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: F75A1000
Module End: F76A0000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F74FA000
Module End: F75A1000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F87CE000
Module End: F87D6000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\AN983.sys
Service Name: AN983
Module Base: F8726000
Module End: F872F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\serial.sys
Service Name: Serial
Module Base: F8736000
Module End: F8746000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: F79CE000
Module End: F79D2000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F74E6000
Module End: F74FA000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Service Name: sscdbhk5
Module Base: F8A34000
Module End: F8A36000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F8746000
Module End: F8756000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F8756000
Module End: F8765000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F8766000
Module End: F8771000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\smwdm.sys
Service Name: smwdm
Module Base: F74A6000
Module End: F74E6000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F7482000
Module End: F74A6000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F8566000
Module End: F8575000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\senfilt.sys
Service Name: senfilt
Module Base: F73CF000
Module End: F7482000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F8C3C000
Module End: F8C3D000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F7C0F000
Module End: F7C1C000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F79C2000
Module End: F79C5000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F73B8000
Module End: F73CF000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F7BFF000
Module End: F7C0A000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F7BEF000
Module End: F7BFB000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F87DE000
Module End: F87E3000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F73A7000
Module End: F73B8000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F7BDF000
Module End: F7BE8000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F87E6000
Module End: F87EB000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F87EE000
Module End: F87F3000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7BCF000
Module End: F7BD9000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F87F6000
Module End: F87FC000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F87FE000
Module End: F8804000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F8A36000
Module End: F8A38000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\update.sys
Service Name: Update
Module Base: F7349000
Module End: F73A7000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F79B2000
Module End: F79B6000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7B7F000
Module End: F7B89000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F78E5000
Module End: F78F4000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F8A5C000
Module End: F8A5E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Service Name: MODEMCSA
Module Base: F89AE000
Module End: F89B2000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: F8876000
Module End: F887B000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F8A66000
Module End: F8A68000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys
Service Name: ssrtln
Module Base: F8886000
Module End: F888C000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F888E000
Module End: F8895000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F8896000
Module End: F889C000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F8A68000
Module End: F8A6A000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F8A6A000
Module End: F8A6C000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F88A6000
Module End: F88AE000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F89C2000
Module End: F89C5000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F5A76000
Module End: F5A89000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F5A1D000
Module End: F5A76000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F59F5000
Module End: F5A1D000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F59D3000
Module End: F59F5000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F8576000
Module End: F857F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F88AE000
Module End: F88B4000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F59A8000
Module End: F59D3000
Hidden: No
Module Name: C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
Service Name: OMCI
Module Base: F89DA000
Module End: F89DE000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F5938000
Module End: F59A8000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F85A6000
Module End: F85B1000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F5912000
Module End: F5938000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F86A6000
Module End: F86AF000
Hidden: No
Module Name: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: F5846000
Module End: F58A8000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: F5824000
Module End: F5846000
Hidden: No
Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: F8A6E000
Module End: F8A70000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: F88C6000
Module End: F88CE000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: F89EE000
Module End: F89F1000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: F85E6000
Module End: F85EF000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\LUsbFilt.Sys
Service Name: LUsbFilt
Module Base: F88E6000
Module End: F88EC000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\WDFLDR.SYS
Service Name: ---
Module Base: F85F6000
Module End: F8604000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\wdf01000.sys
Service Name: Wdf01000
Module Base: F55F1000
Module End: F5662000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
Service Name: LHidFilt
Module Base: F88EE000
Module End: F88F6000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: F81B2000
Module End: F81B5000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
Service Name: LMouFilt
Module Base: F88F6000
Module End: F88FE000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbscan.sys
Service Name: usbscan
Module Base: F81AE000
Module End: F81B2000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: F88FE000
Module End: F8905000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: F81A6000
Module End: F81AA000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F47AB000
Module End: F47BB000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F4554000
Module End: F456C000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F8A04000
Module End: F8A06000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F474B000
Module End: F474E000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F46A1000
Module End: F46A6000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F8C35000
Module End: F8C36000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: F344E000
Module End: F3463000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys
Service Name: drvnddm
Module Base: F7905000
Module End: F790F000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsndres.sys
Service Name: tfsndres
Module Base: F8B21000
Module End: F8B22000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys
Service Name: tfsnifs
Module Base: F3439000
Module End: F344E000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys
Service Name: tfsnopio
Module Base: F4D0A000
Module End: F4D0E000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys
Service Name: tfsnpool
Module Base: F8A44000
Module End: F8A46000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys
Service Name: tfsnboio
Module Base: F4681000
Module End: F4688000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys
Service Name: tfsncofs
Module Base: F78F5000
Module End: F78FE000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys
Service Name: tfsndrct
Module Base: F8B28000
Module End: F8B29000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys
Service Name: tfsnudf
Module Base: F3421000
Module End: F3439000
Hidden: No
Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys
Service Name: tfsnudfa
Module Base: F3408000
Module End: F3421000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F347B000
Module End: F347F000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: F2A9B000
Module End: F2AC8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: F2A5E000
Module End: F2A73000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: F7BAF000
Module End: F7BBE000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\srv.sys
Service Name: Srv
Module Base: F26E0000
Module End: F2738000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: F28FC000
Module End: F28FF000
Hidden: No
Module Name: \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
Service Name: FsUsbExDisk
Module Base: F24B0000
Module End: F24B9000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: F16D5000
Module End: F16F9000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: F15F9000
Module End: F1624000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: F87D6000
Module End: F87DD000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: F8A1E000
Module End: F8A20000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F8B3D000
Module End: F8B3E000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F889E000
Module End: F88A3000
Hidden: No
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F8BBC8DE
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwCreateThread
Address: F8BBC8D4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteKey
Address: F8BBC8E3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwDeleteValueKey
Address: F8BBC8ED
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwLoadKey
Address: F8BBC8F2
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenProcess
Address: F8BBC8C0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwOpenThread
Address: F8BBC8C5
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwReplaceKey
Address: F8BBC8FC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwRestoreKey
Address: F8BBC8F7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
Function Name: ZwSetValueKey
Address: F8BBC8E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: VICKIS4600.DOMAIN.INVALID:3304
Remote Address: IAD04S01-IN-F157.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED
Local Address: VICKIS4600.DOMAIN.INVALID:3303
Remote Address: IAD04S01-IN-F157.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED
Local Address: VICKIS4600.DOMAIN.INVALID:3302
Remote Address: MPR1.NGD.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:3301
Remote Address: IAD04S01-IN-F96.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED
Local Address: VICKIS4600.DOMAIN.INVALID:3300
Remote Address: IAD04S01-IN-F96.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED
Local Address: VICKIS4600.DOMAIN.INVALID:3298
Remote Address: MPR1.NGD.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:3290
Remote Address: 199.16.172.126:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:3288
Remote Address: 199.16.172.18:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:3281
Remote Address: YO-IN-F101.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED
Local Address: VICKIS4600.DOMAIN.INVALID:3280
Remote Address: VIP1.G-ANYCAST1.CACHEFLY.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:3279
Remote Address: VIP1.G-ANYCAST1.CACHEFLY.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:3278
Remote Address: SCALER01-CTS.NETLINE.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:1072
Remote Address: A72-247-243-25.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Common Files\Java\Java Update\jusched.exe
State: CLOSE_WAIT
Local Address: VICKIS4600.DOMAIN.INVALID:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: SYSTEM
State: LISTENING
Local Address: VICKIS4600:5354
Remote Address: LOCALHOST:1035
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED
Local Address: VICKIS4600:5354
Remote Address: LOCALHOST:1034
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED
Local Address: VICKIS4600:5354
Remote Address: LOCALHOST:1033
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED
Local Address: VICKIS4600:5354
Remote Address: LOCALHOST:1032
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED
Local Address: VICKIS4600:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING
Local Address: VICKIS4600:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: VICKIS4600:1037
Remote Address: LOCALHOST:668
Type: TCP
Process: C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
State: ESTABLISHED
Local Address: VICKIS4600:1035
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
State: ESTABLISHED
Local Address: VICKIS4600:1034
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
State: ESTABLISHED
Local Address: VICKIS4600:1033
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
State: ESTABLISHED
Local Address: VICKIS4600:1032
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
State: ESTABLISHED
Local Address: VICKIS4600:1031
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: VICKIS4600:668
Remote Address: LOCALHOST:1037
Type: TCP
Process: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
State: ESTABLISHED
Local Address: VICKIS4600:668
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
State: LISTENING
Local Address: VICKIS4600:9322
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
State: LISTENING
Local Address: VICKIS4600:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: SYSTEM
State: LISTENING
Local Address: VICKIS4600:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: VICKIS4600.DOMAIN.INVALID:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: VICKIS4600.DOMAIN.INVALID:138
Remote Address: NA
Type: UDP
Process: SYSTEM
State: NA
Local Address: VICKIS4600.DOMAIN.INVALID:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: SYSTEM
State: NA
Local Address: VICKIS4600.DOMAIN.INVALID:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: VICKIS4600:1043
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA
Local Address: VICKIS4600:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: VICKIS4600:49176
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: VICKIS4600:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: VICKIS4600:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA
Local Address: VICKIS4600:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: VICKIS4600:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: SYSTEM
State: NA
******************************************************************************************
******************************************************************************************
No hidden files/folders found


----------



## eddie5659 (Mar 19, 2001)

Finally, something worked 

But no rootkit showing there, so can you post a fresh OTL log, but follow as this instead.

Delete the OTL that you have on your Desktop, and download and run as follows:

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## human_error (Feb 5, 2010)

here is the new OTL log

OTL logfile created on: 11/7/2010 5:35:59 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\The Cook's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 174.00 Mb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 45.28 Gb Free Space | 60.78% Space Free | Partition Type: NTFS

Computer Name: VICKIS4600 | User Name: The Cook's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 17:35:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
PRC - [2010/11/06 11:55:18 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/06 11:55:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/06 11:55:16 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/02 10:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/03 15:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/12/03 15:52:32 | 000,670,864 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/08/05 11:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2009/08/03 08:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/03/05 18:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/07 17:35:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [Unknown | Stopped] -- -- (idsvc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/06 11:55:18 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/06 11:55:16 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/02 10:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/01/29 16:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/12/03 15:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/08/05 11:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/02/19 08:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2004/08/30 22:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2004/01/05 02:30:14 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THECOO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/06 11:55:18 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/06 11:55:18 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/10 06:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 06:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 06:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/19 08:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 15:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/03/29 14:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006/10/26 03:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/30 22:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2004/08/30 22:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/10/06 13:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/08 04:05:16 | 000,014,356 | ---- | M] (MainData s.r.o) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hnetsun.sys -- (HNetSuN)
DRV - [2003/08/28 18:58:00 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/06 01:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 01:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 01:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 03:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 11:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 11:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/08/28 21:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 74 26 AD 8C 2E CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2010/10/23 21:32:40 | 000,000,000 | ---D | M]

[2010/03/30 15:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions
[2010/03/30 15:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/03 21:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Extensions\[email protected]
[2010/05/21 14:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions
[2009/09/03 21:26:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/08 22:05:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/13 14:55:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2010/05/21 14:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\[email protected]
[2009/03/13 12:20:05 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\searchplugins\live-search.xml
[2009/11/30 09:57:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/20 16:30:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/17 17:28:00 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/10/17 17:28:01 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/12/15 11:59:16 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/12/15 11:59:08 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/03/03 09:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/11/03 17:50:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - Reg Error: Value error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: usahc.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: usateamcorp.com ([www] http in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531 (MUWebControl Class)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://www.gamehouse.com/games/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Cook's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/26 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 17:35:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/11/05 19:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Desktop\SysProt
[2010/11/04 11:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/02 20:15:47 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\The Cook's\Desktop\RootRepeal.exe
[2010/11/02 00:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\Avira
[2010/10/31 16:35:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/28 19:14:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/28 19:14:03 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/28 19:14:03 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/28 19:14:03 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/28 19:14:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/28 19:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/28 19:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/28 18:49:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/10/28 17:23:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/28 17:23:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/28 17:23:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/28 17:23:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/28 16:44:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 21:24:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 18:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/24 00:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2010/10/24 00:25:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/24 00:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/24 00:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/24 00:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/23 21:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/10/23 21:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\WinRAR
[2010/10/23 21:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/10/23 21:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Cook's\Application Data\AVS4YOU
[2010/10/23 21:28:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
[2010/10/23 21:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/10/23 21:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010/10/23 21:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/10/23 21:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/10/23 21:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/10/23 20:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(3)
[2010/10/23 19:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games(4)
[2010/10/21 03:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech(2)
[2006/10/10 12:35:34 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 17:35:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\OTL.exe
[2010/11/07 17:33:37 | 000,439,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 17:33:37 | 000,071,626 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 17:30:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/07 17:29:24 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/07 17:29:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/07 16:06:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/06 11:55:18 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/06 11:55:18 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/05 19:01:10 | 000,354,396 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\SysProt.zip
[2010/11/03 17:50:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/02 20:15:51 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\The Cook's\Desktop\RootRepeal.exe
[2010/11/02 00:49:35 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\gmer.zip
[2010/10/30 23:56:20 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/10/30 17:26:04 | 000,234,601 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housefront2.jpg
[2010/10/30 17:25:53 | 000,363,427 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseview.jpg
[2010/10/30 17:25:37 | 000,267,410 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housecarback.jpg
[2010/10/30 17:14:47 | 000,273,365 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseback.jpg
[2010/10/30 17:14:27 | 000,165,758 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseshop.jpg
[2010/10/30 17:14:20 | 000,219,051 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseliving.jpg
[2010/10/30 17:14:08 | 000,251,224 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housekitchen.jpg
[2010/10/30 17:13:54 | 000,247,794 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housedining.jpg
[2010/10/30 16:23:28 | 000,311,333 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housefront.jpg
[2010/10/30 16:23:23 | 000,259,814 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\housegarage.jpg
[2010/10/30 16:22:32 | 000,280,102 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\houseriver.jpg
[2010/10/28 19:14:25 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 19:12:37 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 01:07:32 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/27 21:24:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Cook's\Desktop\TFC.exe
[2010/10/24 04:11:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/10/24 00:40:53 | 000,407,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/23 23:34:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/23 23:26:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/08 19:35:23 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\The Cook's\Desktop\Microsoft Word.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/05 19:01:07 | 000,354,396 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\SysProt.zip
[2010/11/02 00:49:34 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\gmer.zip
[2010/10/30 17:26:04 | 000,234,601 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housefront2.jpg
[2010/10/30 17:25:53 | 000,363,427 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseview.jpg
[2010/10/30 17:25:37 | 000,267,410 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housecarback.jpg
[2010/10/30 17:14:47 | 000,273,365 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseback.jpg
[2010/10/30 17:14:27 | 000,165,758 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseshop.jpg
[2010/10/30 17:14:20 | 000,219,051 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseliving.jpg
[2010/10/30 17:14:08 | 000,251,224 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housekitchen.jpg
[2010/10/30 17:13:54 | 000,247,794 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housedining.jpg
[2010/10/30 16:23:28 | 000,311,333 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housefront.jpg
[2010/10/30 16:23:23 | 000,259,814 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\housegarage.jpg
[2010/10/30 16:22:31 | 000,280,102 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\houseriver.jpg
[2010/10/28 19:14:25 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 19:12:09 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\avira_antivir_personal_en.exe
[2010/10/28 17:23:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/28 17:23:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/28 17:23:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/24 18:48:02 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\The Cook's\Desktop\HiJackThis.lnk
[2010/10/22 13:43:14 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/10/22 13:43:14 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/10/22 13:43:14 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/10/22 13:43:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/10/22 13:43:14 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/10/22 13:43:13 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/10/22 13:43:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/10/22 13:43:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/10/22 13:43:13 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/10/22 13:43:13 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/10/22 13:43:13 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/09/09 13:48:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/09/09 13:48:50 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/09/09 13:48:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\$_hpcst$.hpc
[2010/02/19 14:51:29 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JPR.{PB
[2010/02/19 14:51:29 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\PFP120JCM.{PB
[2009/10/17 22:51:36 | 000,207,184 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\c4u.log
[2009/10/17 15:20:56 | 000,016,130 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\clear.log
[2009/02/24 16:40:37 | 000,200,980 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\installer.log
[2008/03/16 19:53:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/16 18:38:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MVPWORD.INI
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 17:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 20:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/03/30 13:02:17 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/02/03 11:48:54 | 000,000,076 | ---- | C] () -- C:\WINDOWS\TwainUI.INI
[2006/10/26 17:38:42 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/26 17:38:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/19 19:03:33 | 000,001,567 | ---- | C] () -- C:\WINDOWS\bizpub32.INI
[2006/07/25 00:04:39 | 000,005,815 | ---- | C] () -- C:\Documents and Settings\The Cook's\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/25 00:04:39 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/20 18:49:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/06/19 18:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2006/04/15 15:45:40 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/15 15:45:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/02/20 21:23:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\The Cook's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/15 08:33:52 | 000,017,746 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/09/07 13:52:26 | 000,000,053 | ---- | C] () -- C:\WINDOWS\lcjd.dll
[2005/09/07 13:52:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\timejd.dll
[2005/02/24 13:08:56 | 000,004,981 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/10/21 14:56:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TV4PC.INI
[2004/10/12 11:33:25 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/05/20 12:10:32 | 000,000,054 | ---- | C] () -- C:\WINDOWS\TwUI215.INI
[2004/03/27 12:41:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2004/03/26 18:53:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2004/03/26 18:23:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/26 17:50:55 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/26 17:34:27 | 000,001,613 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2004/03/26 17:20:44 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/03/26 10:56:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/08/14 01:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 15:35:28 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 15:26:42 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/05/13 10:28:52 | 001,132,032 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/04/04 11:59:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ACNePlayer.dll

========== LOP Check ==========

[2009/03/26 23:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/11/02 01:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/03/15 15:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/28 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/08/19 10:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2010/10/24 00:25:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/19 10:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/03/30 11:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2010/03/10 23:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/04/10 16:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/09/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/04/05 17:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/07/15 12:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2006/11/02 02:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HSLAB
[2009/03/29 14:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2009/03/07 15:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/10/01 19:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/11/19 10:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/10/24 00:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/17 19:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/08/13 23:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/10/02 23:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/18 19:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2009/05/20 16:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/23 21:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/03 23:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/01/15 21:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/11/15 19:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2009/04/12 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2007/12/06 01:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/09/09 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/01/18 16:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2007/10/07 22:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2010/03/19 23:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/10/31 22:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/01 20:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2009/09/03 21:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2006/10/31 17:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/12 14:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2008/01/22 19:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/06/09 13:00:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2006/10/31 17:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Aim
[2009/07/04 20:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AlwaysNeat
[2010/10/24 00:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\AVG10
[2009/07/07 23:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\cerasus.media
[2010/09/09 14:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\CocoonSoftware
[2004/03/26 18:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Earthlink
[2010/01/31 14:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\EnchantedCavern
[2008/09/03 19:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Eyeblaster
[2009/05/21 01:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FairyTale
[2010/11/02 18:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FileZilla
[2010/10/23 23:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\FilmLoop
[2010/03/10 23:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Flood Light Games
[2010/01/15 21:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Friday's games
[2009/08/19 15:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\funkitron
[2009/03/13 10:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameHouse
[2010/04/14 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GameMill Entertainment
[2008/01/13 21:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\GetRightToGo
[2009/07/15 12:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Gogii Games
[2008/01/13 18:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\gtk-2.0
[2006/11/02 02:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\HSLAB
[2010/03/05 04:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\IronCode
[2009/04/04 14:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Jetsetter
[2009/03/10 19:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\JewelMatch2
[2004/03/28 06:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Leadertech
[2008/10/15 19:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\LTOA
[2009/04/18 17:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Meridian93
[2006/08/30 03:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Netscape
[2010/09/09 13:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PC Suite
[2008/10/19 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Pi Eye Games
[2009/03/03 23:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PlayFirst
[2009/04/12 01:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PoBros
[2009/05/26 03:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\PreCast
[2010/04/15 20:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Purple Patch Games
[2004/10/07 17:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\RhinoSoft.com
[2010/09/09 13:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Samsung
[2009/07/01 21:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\StoneLoopsRL
[2010/09/23 14:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Temp
[2006/06/19 07:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\The Labyrinth Plus! Edition
[2010/03/30 15:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Thunderbird
[2010/01/23 20:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\TMInc
[2009/05/24 15:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Total Eclipse
[2006/10/03 18:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Ulead Systems
[2009/06/30 03:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\URSE Games
[2009/04/12 14:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Valusoft
[2006/11/05 00:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Cook's\Application Data\Wildfire

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP16E7091
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
< End of report >


----------



## human_error (Feb 5, 2010)

I've tried running the OTL program twice and am unable to obtain a notepad file called Extras.txt. I've searched the computer and can't find anything stored under that name.


----------



## eddie5659 (Mar 19, 2001)

That's okay, I'll just look at the list you have, and if need be, we'll look at something else.

Back in a bit


----------



## eddie5659 (Mar 19, 2001)

Okay, firstly, did you say that you have uninstalled AVG? If so, do the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\Documents and Settings\The Cook's\Application Data\Mozilla\Firefox\Profiles\hiko01mb.default\extensions\[email protected]
C:\Documents and Settings\The Cook's\Application Data\AVG10
C:\Documents and Settings\All Users\Application Data\AVG10
C:\Program Files\AVG
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Let the program run unhindered, reboot the PC when it is done 

-----------

Then, use this to update your Java:

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Open JavaRa.exe again and select *Search For Updates*. 
Select *Update Using Sun Java's Website* then click Search and click on the *Open Webpage* button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

--------------

And then lets run this tool as well:

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall please allow it to do so, it will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Rightclick on it and select *Send To* then select *Compressed (zipped) Folder * and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  )











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------



## human_error (Feb 5, 2010)

zip file is attached


----------



## eddie5659 (Mar 19, 2001)

Download the attachment at the end of this post. This will be your *RSReport* file, with the fixes I need you to do.


Save it to your desktop, then extract the *RSReport.run* file to your Desktop, overwriting the existing one.
Open the runscanner folder and double click on the *runscanner.exe* file.
This time select the *Expert Mode*
Click the button *Open Run File*
Click on the *RSReport file*, and select Open
click the *Item Fixer* tab
Click the button at the top called *Fix selected items*
Accept the warning(s) and repeat until they are all gone.
Reboot your PC
Post a fresh HijackThis log


----------



## human_error (Feb 5, 2010)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:39:32 PM, on 11/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8515 bytes


----------



## eddie5659 (Mar 19, 2001)

Looks good, how's the computer running now?

Bit concerned that combofix didn't run. Could you delete the one you have, redownload as follows, and see if that works.

If not, and its not a format so don't worry, but do you have your Windows disk? It may be a good idea to run a scan to repair any files on the computer, of which I'll explain afterwards 

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.


----------



## human_error (Feb 5, 2010)

The computer still seems quite slow with the HD chugging almost nonstop. In addition, the system has been freezing more frequently than in the past. And I seem to be getting odd popups periodically. At startup, there are 38 processes running and maybe that's contributing to the problem.

I have all the discs that came with the PC when it was purchased. Not sure exactly which one you are referring to but I'm sure I can locate it quickly if need be.

I redownloaded ComboFix, disabled Avira, and attempted to run a scan. As happened previously, ComboFix seemed to be running fine and then all of a sudden, I received a blue screen error and the OS shut down.


----------



## eddie5659 (Mar 19, 2001)

Okay, lets try this first.

Go to start | Run and type this in:

*cmd*

And press Enter

Now, in the box that pops up, type the following. Note the space before the /:

*sfc /scannow*

And press Enter.

This will scan your system for any corrupted files, and may replace them. If Windows was preinstalled, it should be able to locate the originals in the cab files.

If not, you're looking for the Windows XP disk, that should have the product ID number on it. Don't type the number here, its just so you know which one to look for 

It may take a while, so grab a cuppa 

Let me know if there are any problems/questions.

eddie


----------



## human_error (Feb 5, 2010)

Tried running the scan you suggested and got the following popup:

Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain stability, Windows must restore the original versions of these files. Insert your Windows XP Home Edition Service Pack 3 CD now.

I then had a choice of retry, more info, or cancel. I hit cancel so I'm unsure whether those files were replaced or not.

I rebooted and the system seems to be running without any stablity issues.

I think I found the disc you referred to. It is labeled Operating System -- reinstallation CD Microsoft Windows XP Home Edition Service Pack 2. It has the COA with it as well as product ID.

On another note, yesterday I had another strange popup which may be related to my inability to run these scans. I'm running Carbonite (which is an offsite hard drive backup). The popup read as follows:

Windows-Delayed Write Failure
Windows was unable to save all the data for the file c:/Documents and Settings/All Users/Application Data/Carbonite Back Up\Carbonite.log. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

The only option to select was OK.

May be entirely unrelated but thought I'd mention it just in case it means something to you.


----------



## eddie5659 (Mar 19, 2001)

Okay, the disk that you found with the COA on is the one you want. If you pressed Cancel, then none of the files were replced.

It just means that over time, some files needed by Windows to run smoothly, can become corrupted, and it just needs replacaing with a good copy.

If you try it again, but firstly pop the CD into the drive. When the Welecome to Windows pops up, as in when it autostarts, just close it and then run the scan.

Any files that are needed you will see the drive accessing the CD, getting the good files. It may take a while, I did mine a week or so ago, and it took an hour, even with a few replacing of files that it automatically did.

As for carbonite, I'll have a look at that after you've run the sfs scan 

And will trim some things to speed the pc up as well 

eddie


----------



## human_error (Feb 5, 2010)

I ran the scan and it took about as long as you predicted. Awaiting your next instruction. Thanks.


----------



## eddie5659 (Mar 19, 2001)

Okay, can you post a fresh HijackThis log, and we'll look at the startup


----------



## human_error (Feb 5, 2010)

here's the newly-created hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:38:57 AM, on 11/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8580 bytes


----------



## eddie5659 (Mar 19, 2001)

Bit late home, plus internet has just started to work a few mins ago 

Okay, there is something in your log I want to remove, so lets see if this works:

Download the *HostsXpert 4.3 - Hosts File Manager*.

Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

------

Also, are the My Documents and My Computer still not on the Desktop?

----

I have seen a file that you have that makes me think of a program I used a while ago that could do the removing of files/folders, tweaking etc, so can you do this for me:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*tweakui*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

------------

Also, can you post a fresh HijackThis log as well


----------



## human_error (Feb 5, 2010)

Downloaded the HostsXpert and ran the scan per your instructions. I saved as C:\mydocuments\... not sure if that is what you refer to as a custom Hosts file. If so, let me know and I'll run it again.

My Documents and My Computer still are not on my desktop nor are they available to click on when I right click on the desktop > Properties > Desktop > customize desktop. They still appear greyed out.

Here is the systemlook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:04 on 24/11/2010 by The Cook's
Administrator - Elevation successful
========== filefind ==========
Searching for "*tweakui*"
No files found.
-= EOF =-

And here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:27 PM, on 11/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8567 bytes

Thanks for your continued help.

Vicki


----------



## eddie5659 (Mar 19, 2001)

Will have a look at this when I get home, but can you also try this for me:

Can you also try something else for me?

Have a look here, and see if the file below is showing

*C:\Windows\MEMORY.DMP*

It may contain answers as to any driver problems, hardware issues etc.

Could you try zipping it up, and see if it will upload here. If not, let me know:

Rightclick on it and select *Send To* then select *Compressed (zipped) Folder * and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  )











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *Memory.zip* on your computer.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










eddie


----------



## human_error (Feb 5, 2010)

Tried using Windows Explorer to find that file but was unable to see it. Then ran search for .dmp and found one instance in c:\Documents and Settings\All Users\Application Data\Microsoft\DrWatson\user.dmp. Not sure if that's the file you might be able to use but in any case, I was unable to find it to attach it.

In addition, over the past several days, I've notice that the PC has become very unstable. Several times each day, while the graphics remain on the monitor, all the text seems to disappear. Also, not infrequently, the graphics seems to flash. The only fix I've found is to reboot, which eliminates the problem entirely for a short time.

I've tried two monitors on the PC to see if it might be a monitor issue and both have experienced the same condition. Could this perhaps be a symptom of a viral problem?

Thanks for your continued assistance.

Vicki


----------



## eddie5659 (Mar 19, 2001)

The memory.dmp file was just an idea, as not all computers have them, if they haven't been created.

I have a feeling it may be a hardware issue, with the symptons you state.

I have some ideas on the missing icon's on your Desktop, but lets get the graphics thing look at first.

I'll just grab someone that know's more on the hardware areas, as it may be the fan or graphic's card needing a look at.

Back in a min...


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like it may actually be due to the version of Avira Antivirus you have.

Do you know which version of definitions you're using?

You can find detailed version information on AntiVir's main screen: in the Help menu, select About Avira AntiVir... and click on the Version information tab. It contains the list of the most important program files with version and date of the last update.

There's not a fix at the moment, and most users have had to roll back to an earlier version, and disable the automatic updates:

http://forum.avira.com/wbb/index.php?page=Thread&postID=1026557#post1026557

Or, you may want to uninstall fully, and install a different Antivirus.

This is what I have, and I find it great:

*Avast Home Edition*

Let me know if that solves the graphics problem, or any question just ask 

eddie


----------



## human_error (Feb 5, 2010)

Decided it wasn't worth keeping Avira if having to turn off the automatic updates was the best alternative to keeping the graphics intact. Seems to kind of defeat the purpose of an antivirus.

Took your advice. Removed Avira and downloaded Avast!

Also checked to see if I was running the most current graphics driver. I'm embarrassed to say the version I was running was from 2006. Just downloaded the most current driver which might also help resolve any graphics difficulties I've been experiencing.

You're so incredibly brilliant when it comes to getting issues resolved! My sincere appreciation for all your efforts on my behalf.

Vicki:up:


----------



## eddie5659 (Mar 19, 2001)

No problem 

Has that solved the graphics problem?

If so, we'll look at a few other things, then onto the missing desktop icons 

eddie


----------



## human_error (Feb 5, 2010)

The graphics problems haven't reared their ugly head since I downloaded the new driver and got rid of Avira. Seems wonderful not to have to reboot every few hours.


----------



## eddie5659 (Mar 19, 2001)

I assume the icons on the Desktop are still missing, or have they reappeared after uninstalling Avira?

Either way, can you run this so we can see where we are 


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

eddie


----------



## human_error (Feb 5, 2010)

My Documents and My Desktop icons are still missing and are still not choices when I right click on desktop >properties >desktop >customize desktop.

Here is one log that you requested. I can't seem to find the one that is minimized.

Logfile of random's system information tool 1.08 (written by random/random)
Run by The Cook's at 2010-11-29 18:15:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 51 GB (67%) free of 76 GB
Total RAM: 511 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:58 PM, on 11/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\The Cook's\Desktop\RSIT.exe
C:\Program Files\trend micro\The Cook's.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9067 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-21 399424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-08 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-08 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-21 399424]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-08-03 1626112]
"Carbonite Backup"=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [2009-12-03 670864]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-03-05 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
C:\WINDOWS\system32\conime.exe [2008-04-13 27648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-01-27 1312848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
C:\Program Files\FilmLoop Player\FilmLoop.exe -hide []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe [2007-03-06 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCW Startup]
C:\Program Files\Monitor Calibration Wizard\MCW.exe [2002-12-20 321024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2006-10-22 7700480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
NvMCTray.dll,NvTaskbarInit []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2010-01-29 64592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoInternetIcon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe"="C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter"
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe"="C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics"
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe"="C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility"
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe"="C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater"
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe"="C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer"
"C:\Program Files\FileZilla Client\filezilla.exe"="C:\Program Files\FileZilla Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-11-29 18:04:23 ----D---- C:\rsit
2010-11-27 12:02:09 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-11-27 12:01:39 ----D---- C:\NVIDIA
2010-11-27 11:53:01 ----D---- C:\Program Files\SystemRequirementsLab
2010-11-27 11:49:03 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-11-27 11:49:02 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-11-27 11:48:58 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-11-27 11:48:49 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-11-27 11:48:46 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-11-27 11:48:46 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-11-27 11:48:46 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-11-27 11:48:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-11-18 21:25:16 ----D---- C:\Program Files\Borland
2010-11-12 19:24:04 ----SD---- C:\ComboFix
2010-11-08 18:29:01 ----D---- C:\Documents and Settings\The Cook's\Application Data\Runscanner.net
2010-11-08 18:26:50 ----D---- C:\Program Files\Common Files\Java
2010-11-08 18:26:15 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-08 18:26:15 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-08 18:26:15 ----A---- C:\WINDOWS\system32\java.exe
2010-10-31 16:35:59 ----D---- C:\_OTL
======List of files/folders modified in the last 1 months======
2010-11-29 18:15:57 ----D---- C:\Program Files\Trend Micro
2010-11-29 18:04:40 ----D---- C:\WINDOWS\Prefetch
2010-11-29 17:53:14 ----D---- C:\Documents and Settings\The Cook's\Application Data\FileZilla
2010-11-29 17:43:06 ----SHD---- C:\System Volume Information
2010-11-29 16:34:18 ----D---- C:\WINDOWS\Temp
2010-11-29 15:06:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-29 06:45:22 ----D---- C:\WINDOWS\Registration
2010-11-27 13:00:46 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-27 12:24:06 ----D---- C:\WINDOWS\system32
2010-11-27 12:12:26 ----SHD---- C:\WINDOWS\Installer
2010-11-27 12:12:23 ----D---- C:\Config.Msi
2010-11-27 12:08:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-27 12:07:58 ----HD---- C:\WINDOWS\inf
2010-11-27 12:07:25 ----D---- C:\WINDOWS
2010-11-27 12:06:21 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2010-11-27 12:05:19 ----D---- C:\WINDOWS\nview
2010-11-27 12:05:19 ----D---- C:\WINDOWS\Help
2010-11-27 12:02:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-27 12:02:34 ----D---- C:\WINDOWS\system32\drivers
2010-11-27 12:02:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-27 11:53:01 ----D---- C:\Program Files
2010-11-27 11:52:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-27 11:48:38 ----D---- C:\WINDOWS\WinSxS
2010-11-24 04:17:04 ----D---- C:\Program Files\FileZilla Client
2010-11-12 19:47:54 ----D---- C:\WINDOWS\Minidump
2010-11-12 19:35:32 ----D---- C:\WINDOWS\AppPatch
2010-11-12 19:35:28 ----D---- C:\Program Files\Common Files
2010-11-12 19:24:40 ----D---- C:\Qoobox
2010-11-10 02:10:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-08 18:25:57 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-11-08 18:15:11 ----D---- C:\Program Files\Java
2010-11-08 18:02:43 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-08 01:20:24 ----AC---- C:\WINDOWS\MBR.exe
2010-11-03 17:50:44 ----SD---- C:\WINDOWS\Tasks
2010-11-02 01:47:13 ----D---- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2010-11-02 00:57:07 ----D---- C:\WINDOWS\network diagnostic
2010-11-02 00:57:07 ----AC---- C:\WINDOWS\ntbtlog.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2003-07-31 84576]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2003-07-30 17168]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-28 36224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-11-10 35984]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-11-10 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-11-10 28560]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\THECOO~1\LOCALS~1\Temp\catchme.sys []
S3 HNetSuN;MainData Hybrid-Net Single User Adapter; C:\WINDOWS\System32\DRIVERS\hnetsun.sys [2003-09-08 14356]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-01-05 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-01-05 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-01-05 21488]
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SDdriver;SDdriver; \??\C:\WINDOWS\System32\Drivers\sddriver.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2009-12-03 1980560]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-02-19 233472]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2010-09-02 176408]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-08 153376]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
S2 NProtectService;Norton Unerase Protection; C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE [2004-08-30 95328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-01-29 292944]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-01-05 65795]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------


----------



## eddie5659 (Mar 19, 2001)

Well, its looking a lot cleaner, we can just run an online scan and then clean up.

And we'll sort the desktop icons out after 

I'm just curious if ComboFix will now run, as I'm hoping the Avira may have been causing the problem.

Can you delete the ComboFix you have, and try with this one:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

--------------

If it still doesn't work, we'll give that a miss. Also, can you run an online scan here:

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
[*]Spyware, adware, dialers, and other riskware
[*]Archives
[*]E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
 Click the *Save report...* button.










 Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply

eddie


----------



## human_error (Feb 5, 2010)

ComboFix is still a no-go. It shut down Windows totally partway through. But the error I received was different than before. Here is what it said:

The problem seems to be caused by the following file: catchme.sys

PAGE_FAULT_IN_NONPAGED_AREA

Technical information:

stop: 0x00000050 (0xFA6B300,Ox00000001,0xF883208D,Ox00000000)

catchme.sys - Address F883208D base at F882E000, Datestamp 49d3495d

Beginning dump of physical memory.

Physical memory dump complete.

Don't know if any of this will be important or not but thought it just might point to what's causing a memory dump, which we spoke of previously.

On to step #2...


----------



## human_error (Feb 5, 2010)

this is just not my lucky day, i guess...

Kapersky failed to update. It ran for a long time and then I got a pop up saying to download from the Kapersky Lab website. It also mentioned something about the update being past the expiry (although I'm quite sure that this was not the exact wording...just failed to write it down and trying now to remember). Would you perhaps have a different link I could use?


----------



## eddie5659 (Mar 19, 2001)

Thanks for posting the error, I've let the developer know, so hopefully we'll get a reason as to why that is happening :up:

As for the online scan, looks like that site is having problems for a few weeks now, was hoping it was sorted.

I'm going to have a look at that this weekend, and see what it fully says 

Try this instead:

Save these instructions so you can have access to them while in Safe Mode.

Please click *here* to download AVP Tool by Kaspersky. 

Save it to your desktop. 
Reboot your computer into SafeMode. 
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. 
Use your up arrow key to highlight SafeMode then hit *enter*_*.*​
Double click the setup file to run it. 
Click Next to continue. 
Accept the Licence agreement and click on next 
It will by default install it to your desktop folder.Click Next. 
It will then open a box There will be a tab that says Automatic scan. 
Under Automatic scan make sure these are checked. 

Hidden Startup Objects 
System Memory 
Disk Boot Sectors. 
My Computer. 
Also any other drives (Removable that you may have) 

Leave the rest of the settings as they appear as default.


Then click on Scan at the to right hand Corner. 
It will automatically Neutralize any objects found. 
If some objects are left un-neutralized then click the button that says Neutralize all 
If it says it cannot be Neutralized then chooose The delete option when prompted. 
After that is done click on the reports button at the bottom and save it to file name it *Kas*. 
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under *Detected* post those results in your next reply.

*Note: This tool will self uninstall when you close it so please save the log before closing it. ​*
*​*
eddie


----------



## eddie5659 (Mar 19, 2001)

Okay, have an answer to the ComboFix problem, but just need confirm that this is what you have:



> Removed Avira and downloaded Avast


As in Antivirus. If so, I'll be back with some kind of solution 

eddie


----------



## human_error (Feb 5, 2010)

Yes, I am currently running avast! Antivirus (free version).


----------



## eddie5659 (Mar 19, 2001)

Okay, lets try this:

We need to temporarily remove your Anti-Virus, as it interes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding

Download *AppRemover* and run it.

Click *Next >>* 









Ensure "*Clean Up a Failed Uninstall*" is collected and click *Next >>* 









*AppRemover* will scan all the security applications on your PC 









Select Any *Avira/b] entries from the applications offered and click Next >> twice. 









Follow any further on-screen instructions. If asked to reboot,please do so. If no Security program is found, then just close the program 

 
Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

eddie*


----------



## human_error (Feb 5, 2010)

Removed avast! antivirus. Downloaded and ran AppRemover. No security programs found. Reinstalled avast! 

Should I now go back to your previous instruction (before the AppRemover program) and proceed with that? 

Thanks.

Vicki


----------



## eddie5659 (Mar 19, 2001)

Okay, well hopefully ComboFix should run now, as I have it installed as well.

So, to disable it can you do this:

Rightclick on the icon by the clock, and select the highlighted option as follows:










Then, redownload ComboFix again (delete the version you have already) from here:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

** IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop *

Then see if it will run. Hopefully it should, as like I say I have it, and it works fine on mine.

If still no joy, then just do the scan using the AVP Tool by Kaspersky as mentioned before the AppRemover 

eddie


----------



## human_error (Feb 5, 2010)

Hi there, I'm back!!!!

Downloaded combofix from the first link. A popup said that a newer version was available and did I want to use the newer version. I said no.

Unfortunately, once again the program shut down Windows in the same place it has in the past, after Stage 50.

I'm going to go back and follow your other instructions now and will post the results later.


----------



## human_error (Feb 5, 2010)

Here is the result of that virus scan. Looks like it caught quite a bit. 


1/7/2011 10:11:38 PM Task started 
1/7/2011 10:57:36 PM Detected: Trojan-Downloader.Win32.Adload.vbo C:\Documents and Settings\The Cook's\My Documents\downloaded software\Backgammon-Setup.exe/data0010 
1/7/2011 11:51:49 PM Detected: Hoax.Win32.Screensaver.b C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL 
1/8/2011 12:11:18 AM Deleted: Hoax.Win32.Screensaver.b C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL 
1/8/2011 12:11:55 AM Deleted: Trojan-Downloader.Win32.Adload.vbo C:\Documents and Settings\The Cook's\My Documents\downloaded software\Backgammon-Setup.exe 
1/8/2011 12:22:18 AM Detected: Backdoor.Win32.IRCNite.bti C:\System Volume Information\_restore{22894B24-AA34-4B7C-8560-8192ABCA31F3}\RP275\A0077707.dll 
1/8/2011 12:41:13 AM Deleted: Backdoor.Win32.IRCNite.bti C:\System Volume Information\_restore{22894B24-AA34-4B7C-8560-8192ABCA31F3}\RP275\A0077707.dll 
1/8/2011 12:41:46 AM Detected: not-a-virus:AdWare.Win32.FunWeb.ds C:\System Volume Information\_restore{22894B24-AA34-4B7C-8560-8192ABCA31F3}\RP316\A0095927.DLL 
1/8/2011 12:49:22 AM Detected: Hoax.Win32.Screensaver.b C:\System Volume Information\_restore{22894B24-AA34-4B7C-8560-8192ABCA31F3}\RP362\A0107418.DLL 
1/8/2011 3:15:51 AM Deleted: Hoax.Win32.Screensaver.b C:\System Volume Information\_restore{22894B24-AA34-4B7C-8560-8192ABCA31F3}\RP362\A0107418.DLL 
1/8/2011 3:15:52 AM Deleted: not-a-virus:AdWare.Win32.FunWeb.ds C:\System Volume Information\_restore{22894B24-AA34-4B7C-8560-8192ABCA31F3}\RP316\A0095927.DLL 
1/8/2011 3:15:53 AM Task completed


----------



## eddie5659 (Mar 19, 2001)

Okay, going to go thru this thread again, to refresh myself


----------



## eddie5659 (Mar 19, 2001)

Okay, been thru it all, and made some notes.

So, firstly, can you scan this file:


Please go to  VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"*box on the top of the page:

*C:\WINDOWS\system32\drivers\hnetsun.sys*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

Plus, can we see the details on it as follows:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
C:\WINDOWS\system32\drivers\hnetsun.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

==========

Now, you also have a driver that is known to cause many problems. I'll have a deeper look at that in a bit, as its 50/50 if its a cause.

==========

Do you use this program?

*FilmLoop Player*

No problem if you do, just want to see what there is 

=============

That's a start for now, lets see what the above gives 

eddie


----------



## human_error (Feb 5, 2010)

VirSCAN.org Scanned Report :
Scanned time : 2011/01/09 23:29:53 (EST)
Scanner results: Scanners did not find malware!
File Name : hnetsun.sys 
File Size : 14356 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : d0522108fefeb7d6126bc9cdb1b2ccc4
SHA1 : 8f8683d8c1c0965fb513b13a3701e506071e7908
Online report : http://virscan.org/report/fa963bf90ece8a02a4b914ee622bf4c3.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110108021734 2011-01-08 7.12 -
AhnLab V3 2011.01.10.00 2011.01.10 2011-01-10 2.23 -
AntiVir 8.2.4.134 7.11.0.248 2010-12-31 0.27 -
Antiy 2.0.18 20101228.6954489 2010-12-28 0.02 -
Arcavir 2010 201101101214 2011-01-10 0.06 -
Authentium 5.1.1 201101091929 2011-01-09 1.44 -
AVAST! 4.7.4 110109-1 2011-01-09 0.01 -
AVG 8.5.850 271.1.1/3370 2011-01-10 0.26 -
BitDefender 7.90123.6612504 7.35624 2011-01-10 5.98 -
ClamAV 0.96.5 12497 2011-01-10 0.01 -
Comodo 4.0 7345 2011-01-10 1.85 -
CP Secure 1.3.0.5 2011.01.08 2011-01-08 0.04 -
Dr.Web 5.0.2.3300 2011.01.10 2011-01-10 10.23 -
F-Prot 4.4.4.56 20110109 2011-01-09 1.49 -
F-Secure 7.02.73807 2011.01.09.02 2011-01-09 11.94 -
Fortinet 4.2.254 12.774 2011-01-09 0.20 -
GData 21.1517/21.602 20110110 2011-01-10 8.99 -
ViRobot 20110108 2011.01.08 2011-01-08 0.36 -
Ikarus T3.1.32.15.0 2011.01.10.77504 2011-01-10 4.90 -
JiangMin 13.0.900 2011.01.09 2011-01-09 1.99 -
Kaspersky 5.5.10 2011.01.09 2011-01-09 0.09 -
KingSoft 2009.2.5.15 2011.1.10.10 2011-01-10 0.86 -
McAfee 5400.1158 6221 2011-01-09 18.30 -
Microsoft 1.6402 2011.01.10 2011-01-10 5.23 -
Norman 6.06.12 6.06.00 2011-01-08 12.02 -
Panda 9.05.01 2011.01.09 2011-01-09 1.94 -
Trend Micro 9.200-1012 7.758.02 2011-01-09 0.03 -
Quick Heal 11.00 2011.01.07 2011-01-07 0.97 -
Rising 20.0 22.82.00.00 2011-01-10 2.13 -
Sophos 3.15.0 4.61 2011-01-10 3.07 -
Sunbelt 3.9.2464.2 8012 2011-01-09 0.65 -
Symantec 1.3.0.24 20110109.003 2011-01-09 0.33 -
nProtect 20110109.01 9561637 2011-01-09 13.76 -
The Hacker 6.7.0.1 v00112 2011-01-09 0.41 -
VBA32 3.12.14.2 20110106.1408 2011-01-06 3.33 -
VirusBuster 4.5.11.10 10.130.61/1989694 2011-01-03 2.53 -


----------



## human_error (Feb 5, 2010)

I ran SystemLook and here are the results:

SystemLook 04.09.10 by jpshortstuff
Log created at 23:35 on 09/01/2011 by The Cook's
Administrator - Elevation successful
========== filefind ==========
Searching for "C:\WINDOWS\system32\drivers\hnetsun.sys"
No files found.
-= EOF =-

I don't recall ever using FilmLoop Player. If you want me to delete it, that would be fine.


----------



## eddie5659 (Mar 19, 2001)

That's strange, it found the file to run the scan, but not the contents 

Anyway, its coming back clean, so should be okay.

For FilmLoop, if you uninstall via AddRemove Programs first, and then we can remove any remains after.

I'm also looking at the other file that I was mentioning earlier, however it may/may not be an option. Need to look at it more.

Let me know when you've uninstalled the FilmLoop. Also, can you re-run HijackThis for me 

eddie


----------



## human_error (Feb 5, 2010)

FilmLoop does not appear in Add/Remove Programs as a program nor does it appear as a program in Revo Uninstaller (love that program now that you've shown it to me). However, I did a search of my computer and found an empty folder in c:\Documents and Settings\TheCooks\Application Data\FilmLoop. I've now deleted that. Can't wait to get My Computer and My Documents back on the desktop as getting to files seems so convoluted and time consuming. When I go through Explorer, the highest level I can get to is Desktop currently.

Well, enough whining. On to HJT.


----------



## human_error (Feb 5, 2010)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:40:04 PM, on 1/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...YUS&si=&a=Sbz2DiFKbXEbOIuBku0Rvg&n=2010120104
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.usahc.com
O15 - Trusted Zone: http://www.usateamcorp.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224829979531
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex.com/client/T26L10NSP49EP10/support/ieatgpc.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9658 bytes


----------



## eddie5659 (Mar 19, 2001)

I see that you have MyWebSearch installed again. Did you install that yourself? Its normally the smillies etc?

If you did, we'll leave it, but I will remove this one:

Re-run HijackThis and select *Run a scan only*, then select this entry:

*R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080*

Click *Fix Checked* and reboot.

For the document folder problem, which folders are missing off your desktop? Is it just My Documents or is it My Computer and others as well?

eddie


----------



## human_error (Feb 5, 2010)

As far as I know, I've never installed MyWebSearch. I don't really even know what it is. And with that said, I probably don't need it at all.

As far the document folder problem, the icon for My Computer and My Documents are both missing from the desktop. I can right click on START and go to explore and get to the c: drive that way but it's more convenient with the icons if it is possible to restore them. When I right click on the desktop and go to properties > desktop > customize desktop, both My Documents and My Computer are greyed out and can't be selected. The only option available to select is My Network Places. At approximately the same time the icons went missing, the calculator in accessories also disappeared. Very mysterious...

One other question before I begin with tonight's fixes. Several times a day now, the CPU begins running at 100% and the PC is totally locked up. When I go to task manager/processes and look at the processes, explorer.exe, that's the one that is consuming the CPU. It's extremely inconvenient to reboot constantly so I'm wondering what it is that might be causing this problem.

I thought perhaps it was IE7 so I tried installing Mozilla Firefox. As soon as I did, i remember why I stopped using Firefox before. Every time I try to view page content such as videos on CNN, it asks for a flash player and then Firefox says it's not compatible.

Am I crazy? Is IE7 what's causing the CPU drain? Is there a way to fix it so that I don't have to reboot constantly and not have to use Firefox?

Thanks for the advice.

Now on to tonight's tasks.


----------



## eddie5659 (Mar 19, 2001)

With regards to MyWebSearch, it can be installed with some free programs, so you may not have known at the time.

If you go to AddRemove Programs, and see if you can uninstal from there. Then, run MBAM as before. It will need to update, and I have a feeling the program will as well.

If the program needs to be updated, let it and then you'll have to re-open the program again afterwards 

Then, post the log after the scan.

This is the post I said about MBAM:

http://forums.techguy.org/7659075-post3.html

Also, remove the entry in HijackThis, as mentioned above:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080

Now, onto the hogging issue. Lets look at all the services you have running, as some may be okay to stop, which may speed things up a bit:

Download *Getservices.zip*

Extract the Zip file to your C drive. Once it is extracted there will be a directory called *Getservice*. Inside the C:\getservice directory will be a file called *getservice.bat *. Simply double-click on the *getservice.bat* file and when it is completed a notepad will open with a lot of information.

Copy/Paste the contents here.

It may be long, so if needbe, upload as an attachment 

eddie


----------



## human_error (Feb 5, 2010)

I removed MyWebSeach.

I redownloaded MBAM and ran it (with updates). The log is below. I thought everything was selected for deletion but reviewing the log, it's possible I somehow deselected some. Let me know if I need to rerun MBAM.

I removed the HJT entry.

I will post the results of GetServices in my next post.

As always, thanks for your help.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5514
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1/13/2011 8:14:50 PM
mbam-log-2011-01-13 (20-14-50).txt
Scan type: Quick scan
Objects scanned: 144674
Time elapsed: 15 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (PUP.PlaySushi) -> Not selected for removal.
Files Infected:
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome.manifest (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\install.rdf (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome\pstextlinks.jar (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\playsushiff.dll (PUP.PlaySushi) -> Not selected for removal.
c:\documents and settings\the cook's\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\playsushiff.xpt (PUP.PlaySushi) -> Not selected for removal.


----------



## human_error (Feb 5, 2010)

Here is the GetServices log:


SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2584
FLAGS : 
DESCRIPTION : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: avast! Antivirus
DISPLAY_NAME: avast! Antivirus
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1276
FLAGS : 
DESCRIPTION : Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! Antivirus
DEPENDENCIES : aswMon2
: RpcSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: avast! Mail Scanner
DISPLAY_NAME: avast! Mail Scanner
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1276
FLAGS : 
DESCRIPTION : Implements mail scanning for avast! antivirus.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! Mail Scanner
DEPENDENCIES : avast! Antivirus
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: avast! Web Scanner
DISPLAY_NAME: avast! Web Scanner
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1276
FLAGS : 
DESCRIPTION : Implements web (HTTP) scanning for avast! antivirus.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : avast! Web Scanner
DEPENDENCIES : avast! Antivirus
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Bonjour Service
DISPLAY_NAME: Bonjour Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 2036
FLAGS : 
DESCRIPTION : Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Bonjour\mDNSResponder.exe"
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Bonjour Service
DEPENDENCIES : Tcpip
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: CarboniteService
DISPLAY_NAME: CarboniteService
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 192
FLAGS : 
DESCRIPTION : Carbonite Backup Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe"
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : CarboniteService
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: CryptSvc
DISPLAY_NAME: CryptSvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : CryptSvc
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 692
FLAGS : 
DESCRIPTION : Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 964
FLAGS : 
DESCRIPTION : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 496
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: FsUsbExService
DISPLAY_NAME: FsUsbExService
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 368
FLAGS : 
DESCRIPTION  : 
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\FsUsbExService.Exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : FsUsbExService
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: HidServ
DISPLAY_NAME: HID Input Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : HID Input Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: iWinTrusted
DISPLAY_NAME: iWinTrusted
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 472
FLAGS : 
DESCRIPTION : iWin Trusted Game Service
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\iWin Games\iWinTrusted.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : iWinTrusted
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: JavaQuickStarterService
DISPLAY_NAME: Java Quick Starter
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 708
FLAGS : 
DESCRIPTION : Prefetches JRE files for faster startup of Java applets and applications
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Java Quick Starter
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Kodak AiO Network Discovery Service
DISPLAY_NAME: Kodak AiO Network Discovery Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 864
FLAGS : 
DESCRIPTION : 
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Kodak AiO Network Discovery Service
DEPENDENCIES : Bonjour Service
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Server
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1016
FLAGS : 
DESCRIPTION : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: MDM
DISPLAY_NAME: Machine Debug Manager
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1036
FLAGS : 
DESCRIPTION : Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Machine Debug Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: NVSvc
DISPLAY_NAME: NVIDIA Display Driver Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1196
FLAGS : 
DESCRIPTION : Provides system and desktop level support to the NVIDIA display driver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\nvsvc32.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : NVIDIA Display Driver Service
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 496
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 508
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 508
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: RpcLocator
DISPLAY_NAME: Remote Procedure Call (RPC) Locator
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 636
FLAGS : 
DESCRIPTION : Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME : NT AUTHORITY\NetworkService
SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 776
FLAGS : 
DESCRIPTION : Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
SERVICE_START_NAME : NT Authority\NetworkService
SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 508
FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS
DESCRIPTION : Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Secondary Logon
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT  : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : 
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1824
FLAGS : 
DESCRIPTION : Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE  : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 760
FLAGS : 
DESCRIPTION : Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 692
FLAGS : 
DESCRIPTION : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: W32Time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Time
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1908
FLAGS : 
DESCRIPTION : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME : NT AUTHORITY\LocalService
SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : 
TAG : 0
DISPLAY_NAME : Automatic Updates
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: WudfSvc
DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 872
FLAGS : 
DESCRIPTION : Manages user-mode driver host processes
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Windows Driver Foundation - User-mode Driver Framework
DEPENDENCIES : PlugPlay
SERVICE_START_NAME : LocalSystem
SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 820
FLAGS : 
DESCRIPTION : Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME : LocalSystem


----------



## eddie5659 (Mar 19, 2001)

I'll look thru the services now, but it does look like some entries were missed for removal with MBAm, so rre-run it again, and make sure all entries are ticked, and then remove and post the log


----------



## eddie5659 (Mar 19, 2001)

Okay, there is one there that stands out. Can you remove this entry with HijackThis:

*O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe*

reboot and see if that helps.


----------



## eddie5659 (Mar 19, 2001)

Hiya

Replying just to let you know I have to be away from home for a week. This wasn't planned, hence the late warning.

I'll be able to look at this thread at lunchtimes, but I've asked some others to take a look at the thread, whilst I'm away.

Hope you understand, and see you in a week 

eddie


----------



## eddie5659 (Mar 19, 2001)

I'm back now


----------



## human_error (Feb 5, 2010)

That's awesome -- I'm glad.


----------



## eddie5659 (Mar 19, 2001)

Okay, there is one there that stands out. Can you remove this entry with HijackThis:

*O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe*

reboot and see if that helps.


----------

