# the service cannot accept control messages at this time



## SmokinHope

Hi, I keep getting this message when I try to run regedit or anything else that may help: "the service cannot accept control messages at this time". My computer is going nuts. It keeps freezing and not allowing me to open programs. I tried system restore and it said missing. Can anyone help me pls? I also seem to be missing DLLs. I can only open 1 IE window in a session. I originally posted in Vista; after running HijackThis I printed the following report. It was suggested I move my post to this section. The others there determined I am infected. Any help is appreciated.
__________________
Sheila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:12, on 11/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://max.greyhound.ca/max/logout.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.candystand.com/play/stock-car-thunder"
O4 - HKUS\S-1-5-18\..\Run: [AV8] C:\Program Files\AV8\av8.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AV8] C:\Program Files\AV8\av8.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MRI_DISABLED
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {CFA29D95-DAD1-4B16-B987-3F558BCCBDFF} (PinPad Control) - https://max.greyhound.ca/max/pages/pinpad/PinPad.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1c9a3136dd0d330) (gupdate1c9a3136dd0d330) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7852 bytes
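The helpers in this thread read the HijackThis log by eye, looking for the same handful of things: Run entries registered under the SYSTEM or Default user hive (the `HKUS\S-1-5-18` and `HKUS\.DEFAULT` lines above, which the MBAM scan later identifies as a rogue antivirus), autoruns launched from user-writable folders, orphaned `(no file)` BHO and toolbar entries, and the nine identical O10 LSP lines that only need to be counted once. The script below is an added example, not code from the thread, from HijackThis or from OTL; it applies those rules to a constructed sample in the same line format (the sample reuses a few representative lines from the log above) and reports what a triager would want to look at first. The "user-writable directory" rule is a heuristic of mine, not a verdict.

```python
import re
from collections import Counter

# Constructed sample, modelled on the HijackThis v2 lines quoted in the post above
# (same line format; a handful of representative entries rather than the whole log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AV8] C:\Program Files\AV8\av8.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AV8] C:\Program Files\AV8\av8.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
"""

# Heuristic (my assumption, not a HijackThis rule): legitimate vendors seldom
# register Run entries that launch from these user-writable locations. The MBAM
# log later in the thread shows the rogue's helper files under ProgramData and
# the SYSTEM profile's AppData, which is the pattern this rule is after.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData|Temp|Local Settings)\\", re.IGNORECASE)

O4_ITEM = re.compile(r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)")


def parse_o4(line):
    """Split an 'O4 - <hive>\\..\\<key>: [name] command' line into its parts.

    Returns None for O4 lines that are not registry entries (Global Startup).
    """
    body = line[len("O4 - "):]
    if "\\..\\" not in body:
        return None
    hive, rest = body.split("\\..\\", 1)
    key, _, rest = rest.partition(": ")
    m = O4_ITEM.match(rest)
    if not m:
        return None
    return {"hive": hive, "key": key, "name": m["name"], "cmd": m["cmd"]}


def triage(log_text):
    """Return a list of (tag, line) findings and a Counter of repeated O10 lines."""
    findings = []
    lsp = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("O4 - "):
            entry = parse_o4(line)
            if entry is None:
                continue
            # Run keys under HKEY_USERS\S-1-5-18 (SYSTEM) or HKEY_USERS\.DEFAULT
            # fire for the SYSTEM account and the logon screen; ordinary desktop
            # software has no reason to persist there, rogue AV families do.
            if entry["hive"].upper().startswith("HKUS\\"):
                findings.append(("autorun-in-system-hive", line))
            elif USER_WRITABLE.search(entry["cmd"]):
                findings.append(("autorun-from-user-writable-dir", line))
        elif line.startswith(("O2 - ", "O9 - ")) and line.endswith("(no file)"):
            # Orphaned CLSID registration: the DLL is gone. Cleanup, not infection.
            findings.append(("orphaned-entry", line))
        elif line.startswith("O10 - "):
            # HijackThis prints one O10 line per LSP chain slot; collapse duplicates.
            lsp[line] += 1
    return findings, lsp


if __name__ == "__main__":
    found, repeated = triage(SAMPLE_LOG)
    for tag, text in found:
        print(f"[{tag}] {text}")
    for text, n in repeated.items():
        print(f"[repeated x{n}] {text}")
```

On the sample this reports the two AV8 entries under the SYSTEM and Default user hives first, then the two orphaned entries, and folds the three LSP lines into one line with a count; the O4 entries under HKLM and HKCU for Windows Defender and TeaTimer produce no finding.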


----------



## SmokinHope

Bump, please, I still need help.

Thanx


----------



## emeraldnzl

Hello SmokinHope,

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Next*
Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

Code:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Click the *Run Scan* button. Do not change any settings unless otherwise told to do so.

When the scan completes, it will open two Notepad windows, *OTL.Txt and Extras.Txt*. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.

*So when you return please post:*
MBAM log
the two OTL logs - OTL.txt and Extras.txt

Note: Unless otherwise instructed, always post the logs in the forum. If the reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.


----------



## SmokinHope

Thank you, here are the logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4850

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

16/10/2010 12:42:34
mbam-log-2010-10-16 (12-42-34).txt

Scan type: Quick scan
Objects scanned: 139756
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AV8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AV8\av8.exe (Rogue.Antivirus8) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\asdsada.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.


----------



## SmokinHope

OTL logfile created on: 16/10/2010 13:07:53 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 102.55 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 2.66 Gb Free Space | 71.30% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/16 12:23:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/08/22 08:06:12 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/22 08:06:12 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/22 08:06:09 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/22 08:06:07 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/22 08:06:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/20 04:56:16 | 004,493,312 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/12/05 17:30:06 | 000,450,560 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/11/02 08:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

========== Modules (SafeList) ==========

MOD - [2010/10/16 12:23:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2009/08/22 08:06:12 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 08:06:07 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/22 08:06:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/08/22 08:06:12 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/22 08:06:12 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/03 11:42:08 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/11/10 12:26:00 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/07/17 02:35:32 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/07/03 06:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/06/22 05:34:12 | 001,788,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/09/03 00:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/09/03 00:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/06/13 16:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://max.greyhound.ca/max/logout.do
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

[2008/06/11 07:12:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\luci7klm.default\extensions
[2010/10/06 08:30:46 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/10/09 15:44:14 | 000,421,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14541 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Users\Owner\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: greyhound.ca ([express] https in Trusted sites)
O15 - HKCU\..Trusted Domains: greyhound.ca ([max] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CFA29D95-DAD1-4B16-B987-3F558BCCBDFF} https://max.greyhound.ca/max/pages/pinpad/PinPad.CAB (PinPad Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/06 19:05:52 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{1f943136-535f-11df-b44d-00192143e717}\Shell - "" = AutoRun
O33 - MountPoints2\{1f943136-535f-11df-b44d-00192143e717}\Shell\AutoRun\command - "" = F:\HWPcAssistant.exe -- File not found
O33 - MountPoints2\{76f3f083-bb35-11de-82d8-00192143e717}\Shell\AutoRun\command - "" = F:\Launch.exe playlist.m3u -- File not found
O33 - MountPoints2\{8aa7b6ae-25ac-11dd-91f1-00192143e717}\Shell\AutoRun\command - "" = c200-installer.exe
O33 - MountPoints2\{a3d29c1d-07f7-11df-abaa-00192143e717}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{a3d29c1d-07f7-11df-abaa-00192143e717}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{ab90880f-2126-11dd-9e16-00192143e717}\Shell - "" = AutoRun
O33 - MountPoints2\{ab90880f-2126-11dd-9e16-00192143e717}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db1680a4-c391-11de-b987-00192143e717}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- [2008/01/20 22:33:00 | 000,013,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/16 13:01:48 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/10/16 12:32:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/10/16 12:32:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/16 12:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/16 12:32:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/16 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Malwarebytes' Anti-Malware
[2010/10/15 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MigWiz
[2010/10/15 09:41:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/10/11 15:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/10 16:38:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Norton Utilities 14
[2010/10/10 16:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2010/10/10 16:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/10/10 16:30:16 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/10/10 16:30:16 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/10/10 16:30:16 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010/10/10 16:30:16 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/10/10 16:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Utilities 14
[2010/10/08 14:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/08 14:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/07 20:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/10/07 13:30:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/07 13:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/09/29 01:54:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/26 13:09:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\{b5095b50-7692-44fa-8538-b20ee82ee082}
[2010/09/26 13:09:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/09/26 13:08:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/09/26 13:08:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/09/26 13:08:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/09/26 13:08:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/09/26 13:08:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/09/26 13:08:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/09/26 13:08:43 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/09/26 13:08:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/09/26 13:08:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/09/26 13:08:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/09/26 13:08:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/09/26 13:08:41 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/09/26 13:08:41 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/09/26 13:08:41 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/09/26 13:08:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/09/26 13:08:41 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/09/26 13:05:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\{2fe662d9-b989-4816-aa46-49ee39437996}
[2010/09/20 03:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/09/19 19:25:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Tracing
[2010/09/19 19:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/19 19:22:03 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/09/19 19:22:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/19 19:20:51 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/09/19 19:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/19 19:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/19 19:19:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/19 19:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/09/19 19:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/09/19 19:19:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/19 19:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

========== Files - Modified Within 30 Days ==========

[2010/10/16 13:11:15 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC461CF5-9111-4C9F-90DC-552DC3EBDA5E}.job
[2010/10/16 13:10:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/16 13:06:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/16 13:06:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/16 12:50:36 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/16 12:50:36 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/16 12:45:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/16 12:45:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/16 12:45:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/16 12:32:32 | 000,000,601 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 12:23:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2010/10/16 08:31:30 | 066,440,372 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/10/15 16:30:48 | 000,018,944 | ---- | M] () -- C:\Users\Owner\Desktop\Hamilton Oct.xls
[2010/10/14 22:00:50 | 000,002,593 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Excel.lnk
[2010/10/12 06:55:09 | 136,736,215 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/11 15:53:53 | 000,001,878 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/10/11 15:31:45 | 000,343,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/09 15:44:14 | 000,421,636 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/09 15:30:44 | 000,000,264 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/10/09 15:00:14 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/10/09 12:14:59 | 000,000,947 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/08 15:21:01 | 000,000,106 | ---- | M] () -- C:\Windows\wininit.ini
[2010/10/08 14:40:47 | 000,001,083 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/08 14:40:47 | 000,001,059 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/10/07 17:43:37 | 000,319,488 | ---- | M] () -- C:\Users\Owner\Desktop\GCTC New Customer Numbers 06152009.xls
[2010/10/07 17:17:03 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010/09/26 13:09:49 | 000,000,065 | ---- | M] () -- C:\Windows\System32\bd7220.dat
[2010/09/22 13:18:40 | 000,092,160 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/10/16 12:32:32 | 000,000,601 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 09:53:54 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EC461CF5-9111-4C9F-90DC-552DC3EBDA5E}.job
[2010/10/15 09:45:24 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/10/11 15:53:53 | 000,001,878 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2010/10/10 16:41:12 | 000,262,144 | -H-- | C] () -- C:\Users\Owner\S-1-5-21-1353733313-858491799-1111647766-1000.rrr.LOG1
[2010/10/10 16:41:12 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\S-1-5-21-1353733313-858491799-1111647766-1000.rrr.LOG2
[2010/10/08 15:21:01 | 000,000,106 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/08 14:40:47 | 000,001,083 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/08 14:40:47 | 000,001,059 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/10/07 13:30:20 | 136,736,215 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/26 13:08:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/09/26 13:08:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/09/26 13:08:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/06/21 21:44:48 | 000,000,124 | ---- | C] () -- C:\Windows\ZTOOLSW.INI
[2010/01/25 13:27:15 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/10/20 15:54:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/31 20:26:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/09 11:39:18 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/08/17 13:58:38 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/08/17 13:58:38 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/08/17 13:58:28 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/08/17 13:58:27 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2008/08/17 13:57:30 | 000,000,264 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/07/04 07:26:47 | 000,000,435 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/07/04 06:51:32 | 000,000,778 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/04 06:51:32 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/04 06:50:37 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/04 06:50:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/04 06:50:04 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/05/26 10:46:41 | 000,092,160 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/14 12:19:41 | 000,000,050 | ---- | C] () -- C:\Windows\Winamp.ini
[2008/05/14 12:19:38 | 000,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2008/05/14 11:55:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/17 03:37:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/17 01:48:49 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini
[2007/07/17 01:48:49 | 000,000,127 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/17 01:48:45 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/07/17 01:48:45 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006/12/04 02:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugo3l3.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/07/17 02:46:00 | 000,003,380 | ---- | M] () -- C:\-20070716.log
[2008/05/14 11:25:06 | 000,004,626 | ---- | M] () -- C:\-20080514.log
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/07/17 01:50:10 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007/12/23 14:44:30 | 000,000,090 | ---- | M] () -- C:\CLMS.log
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/21 21:44:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/23 14:42:59 | 000,000,091 | ---- | M] () -- C:\MDisc.log
[2007/12/23 14:43:28 | 000,000,175 | ---- | M] () -- C:\MDR.log
[2010/06/21 21:44:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/16 12:45:25 | 2451,124,224 | -HS- | M] () -- C:\pagefile.sys
[2007/12/23 14:43:46 | 000,000,091 | ---- | M] () -- C:\PMovie.log
[2007/12/23 14:44:54 | 000,000,380 | ---- | M] () -- C:\PnR.log
[2007/12/23 14:45:27 | 000,001,082 | ---- | M] () -- C:\PSD.log
[2007/07/17 02:18:38 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2007/12/23 14:44:05 | 000,000,090 | ---- | M] () -- C:\SDMA.log
[2007/07/17 02:36:37 | 000,000,178 | ---- | M] () -- C:\setup.log

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/06/06 16:37:28 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2006/09/18 02:57:22 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\sugo3pc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/03/31 14:33:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/07/17 01:49:58 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/07/17 01:49:56 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/07/17 01:49:58 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/07/17 01:50:06 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/07/17 01:50:08 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/09 12:14:59 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/16 12:23:32 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/11/08 16:30:23 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\FileFormatConverters.exe
[2009/02/19 18:19:39 | 000,060,968 | ---- | M] () -- C:\Users\Owner\GoToAssistDownloadHelper.exe
[2010/06/21 21:50:22 | 008,175,616 | ---- | M] () -- C:\Users\Owner\ZD_2.6.42.03_Certified.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/12/23 15:23:28 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/23 07:26:11 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-07 07:00:21

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP287FACF

< End of report >

----------

## SmokinHope

OTL Extras logfile created on: 16/10/2010 13:07:53 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 102.55 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.94 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 2.66 Gb Free Space | 71.30% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58ACE791-1F5F-4AE3-9A77-ED9636AEBAE0}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{65BDDA2A-3FBC-4BB1-968F-D9BA00A8810D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{830AF251-31EB-4107-8669-617020CDE1EF}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\~os8a36.tmp\rlvknlg.exe | 
"{9F2A837A-ED3B-4EAB-A8D1-EA7BF1C80ECA}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{B2E19AA2-34EA-4C62-B7CA-F22A62EC8275}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{E36E5401-5ED9-4C1D-93A6-50D48BDCAA36}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\~os94c2.tmp\rlvknlg.exe | 
"{EFAF9BA6-3A32-4150-A04B-2E6C2487465E}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\~osb6aa.tmp\rlvknlg.exe | 
"TCP Query User{278A7AA3-FAD3-41FA-B70F-36A6D85E5FCF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{8E8E58FA-0309-409A-8E8D-A01B287CF901}F:\ares\ares.exe" = protocol=6 | dir=in | app=f:\ares\ares.exe | 
"TCP Query User{F6978975-6306-4C7D-AEB9-C5FBFBDED79D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{5749A128-9AB5-4122-A142-39CBAA840987}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{91B38E86-16C2-4BA9-BE14-C92D13C5996B}F:\ares\ares.exe" = protocol=17 | dir=in | app=f:\ares\ares.exe | 
"UDP Query User{A99DBE28-C15D-45E4-899F-9EAFA7AED357}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0725C68F-FD3A-4476-BDA0-C002C7FE307C}" = BlackBerry Desktop Software 4.2.2
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2A834160-1635-4573-AD05-A32E6C690C41}" = Brother HL-2140
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BF889C2E-1AA5-C8B1-587F-2C7D2E281C72}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG8Uninstall" = AVG Free 8.5
"BlackBerry_{0725C68F-FD3A-4476-BDA0-C002C7FE307C}" = BlackBerry Desktop Software 4.2.2
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Norton Utilities_is1" = Norton Utilities
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2010 01:45:29 | Computer Name = Owner-PC | Source = SPP | ID = 16387
Description =

Error - 14/10/2010 01:45:29 | Computer Name = Owner-PC | Source = System Restore | ID = 8193
Description =

Error - 14/10/2010 01:45:29 | Computer Name = Owner-PC | Source = System Restore | ID = 8210
Description =

Error - 14/10/2010 02:36:43 | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x13d0, application
start time 0x01cb6b5ea7a14dfa.

Error - 14/10/2010 05:26:49 | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004714e, process id 0xbc4, application
start time 0x01cb6b6a40bb359a.

Error - 14/10/2010 05:58:28 | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0004714e, process id 0x824, application
start time 0x01cb6b8201b2cf3a.

Error - 14/10/2010 12:06:35 | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x494, application
start time 0x01cb6bb377f1888a.

Error - 14/10/2010 14:35:12 | Computer Name = Owner-PC | Source = SPP | ID = 16387
Description =

Error - 14/10/2010 14:35:12 | Computer Name = Owner-PC | Source = System Restore | ID = 8193
Description =

Error - 14/10/2010 14:35:12 | Computer Name = Owner-PC | Source = System Restore | ID = 8210
Description =

[ Media Center Events ]
Error - 22/06/2009 03:31:03 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 28/06/2009 03:33:31 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 13/07/2009 03:35:22 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 13/08/2009 03:31:37 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 14/09/2009 15:25:23 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/09/2009 15:26:44 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/10/2009 17:53:13 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/10/2009 19:41:19 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 27/11/2009 14:51:15 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 08/03/2010 02:40:19 | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 16/10/2010 12:09:54 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 16/10/2010 12:09:59 | Computer Name = Owner-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother MFC-7220 USB Printer
with shared resource name Brother MFC-7220 USB Printer. Error 2114. The printer
cannot be used by others on the network.

Error - 16/10/2010 12:09:59 | Computer Name = Owner-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother MFC-5460CN USB Printer
with shared resource name Brother MFC-5460CN USB Printer. Error 2114. The printer
cannot be used by others on the network.

Error - 16/10/2010 12:09:59 | Computer Name = Owner-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Bocacan1 with shared resource
name Bocacan1. Error 2114. The printer cannot be used by others on the network.

Error - 16/10/2010 12:45:43 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 16/10/2010 12:45:48 | Computer Name = Owner-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother MFC-7220 USB Printer
with shared resource name Brother MFC-7220 USB Printer. Error 2114. The printer
cannot be used by others on the network.

Error - 16/10/2010 12:45:48 | Computer Name = Owner-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Brother MFC-5460CN USB Printer
with shared resource name Brother MFC-5460CN USB Printer. Error 2114. The printer
cannot be used by others on the network.

Error - 16/10/2010 12:45:48 | Computer Name = Owner-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer Bocacan1 with shared resource
name Bocacan1. Error 2114. The printer cannot be used by others on the network.

Error - 16/10/2010 13:07:55 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 16/10/2010 13:07:55 | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7032
Description =

< End of report >


----------



## emeraldnzl

Hello SmokinHope,

Please disable AVG so that it won't interfere with the tools we are going to run.

How to disable *AVG's Resident Shield*.

Right click the *AVG* icon and click *Open*.

In the *Overview* panel click on *Resident Shield > Uncheck the Resident Shield Active box > Save Changes*.

*Now*

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following

Code:

:OTL
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{1f943136-535f-11df-b44d-00192143e717}\Shell - "" = AutoRun
O33 - MountPoints2\{1f943136-535f-11df-b44d-00192143e717}\Shell\AutoRun\command - "" = F:\HWPcAssistant.exe -- File not found
O33 - MountPoints2\{76f3f083-bb35-11de-82d8-00192143e717}\Shell\AutoRun\command - "" = F:\Launch.exe playlist.m3u -- File not found
O33 - MountPoints2\{8aa7b6ae-25ac-11dd-91f1-00192143e717}\Shell\AutoRun\command - "" = c200-installer.exe
O33 - MountPoints2\{a3d29c1d-07f7-11df-abaa-00192143e717}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{a3d29c1d-07f7-11df-abaa-00192143e717}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{ab90880f-2126-11dd-9e16-00192143e717}\Shell - "" = AutoRun
O33 - MountPoints2\{ab90880f-2126-11dd-9e16-00192143e717}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db1680a4-c391-11de-b987-00192143e717}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- [2008/01/20 22:33:00 | 

:Files
c:\users\owner\appdata\local\temp\~os8a36.tmp\rlvknlg.exe
c:\users\owner\appdata\local\temp\~os94c2.tmp\rlvknlg.exe
c:\users\owner\appdata\local\temp\~osb6aa.tmp\rlvknlg.exe

:Commands
[emptyflash]
[Reboot]


Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.
*Next*

Please download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.*

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

***Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall***

When finished, it will produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

*So when you return please post*
OTL fix log
ComboFix.txt


----------
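The fix script above targets four kinds of entry from the logs in this thread: inbound firewall exceptions for executables under the user's temp directory, a BHO with no CLSID value, an empty Run value, and MountPoints2 autorun handlers. As an added example (not emeraldnzl's instructions and not code from OTL or ComboFix), the Python below scans lines in those formats and flags exactly those categories, so a reviewer can pull candidates out of a long log before writing a fix; the sample lines are copied from the reports posted earlier in this thread, and the regular expressions are this example's own approximation of the log formats.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the firewall-exception list and the OTL
# fix script posted earlier in this thread, embedded so the triage runs offline.
SAMPLE_LINES = [
    r'"{58ACE791-1F5F-4AE3-9A77-ED9636AEBAE0}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | ',
    r'"{830AF251-31EB-4107-8669-617020CDE1EF}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\~os8a36.tmp\rlvknlg.exe | ',
    r'"TCP Query User{8E8E58FA-0309-409A-8E8D-A01B287CF901}F:\ares\ares.exe" = protocol=6 | dir=in | app=f:\ares\ares.exe | ',
    r'O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.',
    r'O4 - HKLM..\Run: [] File not found',
    r'O33 - MountPoints2\{1f943136-535f-11df-b44d-00192143e717}\Shell\AutoRun\command - "" = F:\HWPcAssistant.exe -- File not found',
    r'O33 - MountPoints2\{8aa7b6ae-25ac-11dd-91f1-00192143e717}\Shell\AutoRun\command - "" = c200-installer.exe',
]


@dataclass
class Finding:
    kind: str    # "firewall", "bho", "run" or "mountpoint"
    detail: str  # the path, CLSID or value the finding is about
    reason: str  # why a reviewer would look at it


# Firewall exception: "name" = key=value | key=value | ...  (this example's own regex)
FIREWALL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<fields>.*)$')
# Executables living under a temp directory: user-writable and a common dropper location
TEMP_DIR_RE = re.compile(r'\\temp\\|\.tmp\\')
# OTL O2 line: a Browser Helper Object and its CLSID lookup status
BHO_RE = re.compile(r'^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\S+) - (?P<status>.*)$')
# OTL O4 line: a Run value and the file it points to
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<target>.*)$')
# OTL O33 line: a per-volume shell handler, optionally followed by "-- <status>"
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.*?)(?: -- (?P<status>.*))?$')


def parse_firewall_fields(fields: str) -> dict:
    """Split 'protocol=6 | dir=in | app=... |' into a lower-cased key/value dict."""
    out = {}
    for part in fields.split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.rstrip()
    m = MOUNTPOINT_RE.match(line)
    if m:
        # Volume shell handlers survive after the media is gone and fire again on insert.
        status = m.group("status") or "target present"
        return Finding("mountpoint", m.group("cmd"),
                       f"{m.group('verb')} handler for volume {m.group('guid')} ({status})")
    m = BHO_RE.match(line)
    if m and "No CLSID value found" in m.group("status"):
        return Finding("bho", m.group("clsid"), "BHO registered without a CLSID value")
    m = RUN_RE.match(line)
    if m and (not m.group("value") or "File not found" in m.group("target")):
        return Finding("run", f"{m.group('hive')} Run [{m.group('value')}]",
                       "empty or dangling Run value")
    m = FIREWALL_RE.match(line)
    if m:
        fields = parse_firewall_fields(m.group("fields"))
        app = fields.get("app", "").lower()
        if fields.get("dir") == "in" and TEMP_DIR_RE.search(app):
            return Finding("firewall", app,
                           "inbound exception for an executable in a temp directory")
    return None


def triage(lines) -> List[Finding]:
    """Run triage_line over every line and keep the findings, in log order."""
    return [f for f in (triage_line(line) for line in lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"[{finding.kind}] {finding.detail}: {finding.reason}")
```

Entries for signed, vendor-installed software (the AVG binaries in Program Files, for instance) pass through untouched, which is the point: the output is a short review list, not a verdict.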



## SmokinHope

Hi, turned off AVG, ran OTL with the code you gave. It went by very quickly. Did the restart but I can't find the log??


----------



## emeraldnzl

Hi SmokinHope,

A copy of an OTL fix log is saved in a text file at

*:\_OTL\Moved Files

In most cases this will be C:\_OTL\Moved Files


----------



## SmokinHope

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f943136-535f-11df-b44d-00192143e717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f943136-535f-11df-b44d-00192143e717}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f943136-535f-11df-b44d-00192143e717}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f943136-535f-11df-b44d-00192143e717}\ not found.
File F:\HWPcAssistant.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76f3f083-bb35-11de-82d8-00192143e717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76f3f083-bb35-11de-82d8-00192143e717}\ not found.
File F:\Launch.exe playlist.m3u not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8aa7b6ae-25ac-11dd-91f1-00192143e717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aa7b6ae-25ac-11dd-91f1-00192143e717}\ not found.
File c200-installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3d29c1d-07f7-11df-abaa-00192143e717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3d29c1d-07f7-11df-abaa-00192143e717}\ not found.
File F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3d29c1d-07f7-11df-abaa-00192143e717}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3d29c1d-07f7-11df-abaa-00192143e717}\ not found.
File F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab90880f-2126-11dd-9e16-00192143e717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab90880f-2126-11dd-9e16-00192143e717}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab90880f-2126-11dd-9e16-00192143e717}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab90880f-2126-11dd-9e16-00192143e717}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db1680a4-c391-11de-b987-00192143e717}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db1680a4-c391-11de-b987-00192143e717}\ not found.
File F:\setupSNK.exe not found.
========== FILES ==========
File\Folder c:\users\owner\appdata\local\temp\~os8a36.tmp\rlvknlg.exe not found.
File\Folder c:\users\owner\appdata\local\temp\~os94c2.tmp\rlvknlg.exe not found.
File\Folder c:\users\owner\appdata\local\temp\~osb6aa.tmp\rlvknlg.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 40258 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10162010_173917


----------



## SmokinHope

ComboFix 10-10-16.03 - Owner 16/10/2010 18:40:04.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1176 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\users\Owner\GoToAssistDownloadHelper.exe
c:\users\Owner\ZD_2.6.42.03_Certified.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 22:46 . 2010-10-16 22:46	--------	d-----w-	c:\users\Owner\AppData\Local\temp
2010-10-16 22:46 . 2010-10-16 22:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-16 21:39 . 2010-10-16 21:39	--------	d-----w-	C:\_OTL
2010-10-16 16:32 . 2010-10-16 16:32	--------	d-----w-	c:\users\Owner\AppData\Roaming\Malwarebytes
2010-10-16 16:32 . 2010-04-29 19:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 16:32 . 2010-10-16 16:32	--------	d-----w-	c:\programdata\Malwarebytes
2010-10-16 16:32 . 2010-04-29 19:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-15 15:19 . 2010-10-15 15:20	--------	d-----w-	c:\users\Owner\AppData\Local\MigWiz
2010-10-11 19:53 . 2010-10-11 19:53	--------	d-----w-	c:\program files\Trend Micro
2010-10-10 20:38 . 2010-10-10 22:30	--------	d-----w-	c:\users\Owner\AppData\Roaming\Norton Utilities 14
2010-10-10 20:31 . 2010-10-10 20:31	--------	d-----w-	c:\programdata\Norton Installer
2010-10-10 20:30 . 2008-04-02 19:54	1101824	----a-w-	c:\windows\system32\UniBox210.ocx
2010-10-10 20:30 . 2008-04-02 19:53	212992	----a-w-	c:\windows\system32\UniBoxVB12.ocx
2010-10-10 20:30 . 2008-04-02 19:53	880640	----a-w-	c:\windows\system32\UniBox10.ocx
2010-10-10 20:30 . 2004-08-04 11:00	506368	----a-w-	c:\windows\system32\msxml.dll
2010-10-10 20:30 . 2010-10-16 18:51	--------	d-----w-	c:\program files\Norton Utilities 14
2010-10-08 18:40 . 2010-10-09 19:35	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-10-08 18:40 . 2010-10-08 18:43	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-10-08 00:26 . 2010-10-08 00:26	--------	d-----w-	c:\programdata\WindowsSearch
2010-10-07 17:19 . 2010-10-16 16:42	--------	d-----w-	c:\programdata\Update
2010-10-05 05:54 . 2010-09-09 22:52	6084944	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{21355C6C-97FD-4F49-ACB2-59A64E6533BB}\mpengine.dll
2010-09-29 05:54 . 2010-06-22 13:30	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-29 05:54 . 2010-08-26 04:23	13312	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-09-26 17:09 . 2010-09-26 17:09	--------	d-----w-	c:\users\Owner\{b5095b50-7692-44fa-8538-b20ee82ee082}
2010-09-26 17:05 . 2010-09-26 17:05	--------	d-----w-	c:\users\Owner\{2fe662d9-b989-4816-aa46-49ee39437996}
2010-09-20 07:00 . 2010-09-20 07:00	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-19 23:25 . 2010-09-19 23:25	--------	d-----w-	c:\users\Owner\Tracing
2010-09-19 23:22 . 2010-10-01 05:34	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-19 23:22 . 2010-09-19 23:22	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-09-19 23:22 . 2010-04-28 11:44	54632	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2010-09-19 23:20 . 2006-11-29 17:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll
2010-09-19 23:20 . 2010-09-19 23:20	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-09-19 23:20 . 2010-09-26 17:07	--------	d-----w-	c:\program files\Microsoft
2010-09-19 23:19 . 2010-09-19 23:19	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-09-19 23:19 . 2010-09-19 23:32	--------	d-----w-	c:\program files\Windows Live
2010-09-19 23:19 . 2010-09-19 23:19	--------	d-----w-	c:\windows\PCHEALTH
2010-09-19 23:03 . 2010-09-19 23:03	--------	d-----w-	c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\users\Owner\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-17 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcerMemUsageCheckService"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"eDataSecurity Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"BrStsWnd"=c:\program files\Brownie\BrstsWnd.exe Autorun
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a3136dd0d330;Google Update Service (gupdate1c9a3136dd0d330);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-03 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 22:15]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 13:06]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 13:06]

2010-10-16 c:\windows\Tasks\User_Feed_Synchronization-{EC461CF5-9111-4C9F-90DC-552DC3EBDA5E}.job
- c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = https://max.greyhound.ca/max/logout.do
mStart Page = hxxp://en.ca.acer.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: greyhound.ca\express
Trusted Zone: greyhound.ca\max
DPF: {CFA29D95-DAD1-4B16-B987-3F558BCCBDFF} - hxxps://max.greyhound.ca/max/pages/pinpad/PinPad.CAB
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84D3B54C]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x881a1d24
\Driver\ACPI -> acpi.sys @ 0x8264bd68
\Driver\atapi -> ataport.SYS @ 0x8275aa2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-16 18:48:26
ComboFix-quarantined-files.txt 2010-10-16 22:48

Pre-Run: 109,954,998,272 bytes free
Post-Run: 109,855,862,784 bytes free

- - End Of File - - 2BA535B88125197EEAE0724E45C9ADA2


----------



## emeraldnzl

Hello SmokinHope,

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entry, and press 'Enter':

*fixmbr*

After that re-run ComboFix and post the log it produces back here.


----------



## SmokinHope

I have already started windows a number of times and I do not get the options you have shown, it is just starting normally.


----------



## emeraldnzl

Let's have a look to see if the Recovery Console is there.

Please download *BootCheck.exe* to your desktop.
Double click *BootCheck.exe* to run the check
When complete, a Notepad window will open with a report
Please copy and paste the contents of this report in your next reply


----------



## SmokinHope

Hi, I downloaded bootcheck and when I tried to run it it said unsupported version ??


----------



## emeraldnzl

Do you have your Windows Installation Disk for that machine?


----------



## SmokinHope

I don't have the disk for this computer, but I do have the one for my laptop, same version. I tried F8 while starting to try to find the Windows Recovery Console. I found Repair computer, but when I clicked it, it wants a password and user name. I tried my regular login and it didn't work. This is a used computer, so someone else could have set it, I guess.
Thanks for your patience with me, really appreciate it.


----------



## emeraldnzl

Oh dear, I overlooked that this was a Vista machine... that is the reason the earlier instruction wouldn't work.



> but I do have the one for my laptop same version


If that is *exactly* the same version it might work.

Put the Windows Vista installation disc in the disc drive, and then start the computer.
Press a key when you are prompted.
Select a language, a time, a currency, a keyboard or an input method, and then click Next.
Click Repair your computer.
Click the operating system that you want to repair, and then click Next.
In the System Recovery Options dialog box, click *Command Prompt*.
Type *bootrec.exe /fixmbr* (_note the gap... it should be there_), and then press ENTER.
On completion re-boot

Once rebooted re-run Combofix


----------



## SmokinHope

Because my laptop came preloaded, my 2 disks are my backup disks; is this ok? It doesn't seem to want to boot from the disk. Now what?


----------



## emeraldnzl

No those disks won't work.

Please download *MBRCheck.exe* to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:



> Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type *N* and press *Enter*. A report will be produced on the desktop. Post that report in your next reply.


----------



## SmokinHope

(c) 2010, AD

Command-line: 
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	ACER
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ACER
System Product Name: Aspire M5630
Logical Drives Mask: 0x0000079c

Kernel Drivers (total 139):
0x82036000 \SystemRoot\system32\ntoskrnl.exe
0x82003000 \SystemRoot\system32\hal.dll
0x84ECF000 \SystemRoot\system32\kdcom.dll
0x82410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x82480000 \SystemRoot\system32\PSHED.dll
0x82491000 \SystemRoot\system32\BOOTVID.dll
0x82499000 \SystemRoot\system32\CLFS.SYS
0x824DA000 \SystemRoot\system32\CI.dll
0x825BA000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82636000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82643000 \SystemRoot\system32\drivers\acpi.sys
0x82689000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82692000 \SystemRoot\system32\drivers\msisadrv.sys
0x8269A000 \SystemRoot\system32\drivers\pci.sys
0x826C1000 \SystemRoot\System32\drivers\partmgr.sys
0x826D0000 \SystemRoot\system32\drivers\volmgr.sys
0x826DF000 \SystemRoot\System32\drivers\volmgrx.sys
0x82729000 \SystemRoot\system32\drivers\intelide.sys
0x82730000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8273E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8274E000 \SystemRoot\system32\drivers\atapi.sys
0x82756000 \SystemRoot\system32\drivers\ataport.SYS
0x82774000 \SystemRoot\system32\drivers\fltmgr.sys
0x827A6000 \SystemRoot\system32\drivers\fileinfo.sys
0x827B6000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x87C09000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87C7A000 \SystemRoot\system32\drivers\ndis.sys
0x87D85000 \SystemRoot\system32\drivers\msrpc.sys
0x87DB0000 \SystemRoot\system32\drivers\NETIO.SYS
0x87DEB000 \SystemRoot\System32\drivers\tcpip.sys
0x87ED5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87EF0000 \SystemRoot\System32\Drivers\Ntfs.sys
0x827BF000 \SystemRoot\system32\drivers\volsnap.sys
0x87C00000 \SystemRoot\System32\Drivers\spldr.sys
0x88005000 \SystemRoot\System32\Drivers\mup.sys
0x88014000 \SystemRoot\System32\drivers\ecache.sys
0x8803B000 \SystemRoot\system32\drivers\disk.sys
0x8804C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8806D000 \SystemRoot\system32\drivers\crcdisk.sys
0x88096000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x880A1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x880AA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8D804000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8DEBF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8DF60000 \SystemRoot\System32\drivers\watchdog.sys
0x8DF6C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x880B9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x880DD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x880E8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88126000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88135000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x88145000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x88153000 \SystemRoot\system32\DRIVERS\parport.sys
0x8817E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88189000 \SystemRoot\system32\DRIVERS\serial.sys
0x881A3000 \SystemRoot\system32\DRIVERS\serenum.sys
0x881AD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DFF9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x881C5000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x881F4000 \SystemRoot\system32\DRIVERS\storport.sys
0x88235000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x88240000 \SystemRoot\System32\Drivers\RootMdm.sys
0x88248000 \SystemRoot\system32\drivers\modem.sys
0x88255000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8826C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x88277000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8829A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x882A9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x882BD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x882D2000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x882D9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x882E9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DFFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x882F4000 \SystemRoot\system32\DRIVERS\ks.sys
0x8831E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x88328000 \SystemRoot\system32\DRIVERS\umbus.sys
0x88335000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E806000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8E9BA000 \SystemRoot\system32\drivers\portcls.sys
0x8E9E7000 \SystemRoot\system32\drivers\drmk.sys
0x8EA0C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EA1D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EA26000 \SystemRoot\System32\Drivers\Null.SYS
0x8EA2D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EA34000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EA50000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8EA57000 \SystemRoot\System32\drivers\vga.sys
0x8EA63000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EA84000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EA8C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EA94000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EA9F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EAAD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EAB6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EACC000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8EAE5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EB17000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EB2B000 \SystemRoot\system32\drivers\afd.sys
0x8EB73000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8EB7C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EB92000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EBA0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EBB3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8EBEF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8836A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EBF9000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x88381000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8EA47000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x883D2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E800000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x883E2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x883EA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93C0B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x93C22000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x93C2B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93C38000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x93C43000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA08C0000 \SystemRoot\System32\win32k.sys
0x93C4B000 \SystemRoot\System32\drivers\Dxapi.sys
0x93C55000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA0AE0000 \SystemRoot\System32\TSDDD.dll
0xA0B00000 \SystemRoot\System32\cdd.dll
0x93C64000 \SystemRoot\system32\drivers\luafv.sys
0x93C87000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x93C97000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x93CAA000 \SystemRoot\system32\drivers\HTTP.sys
0x93D17000 \SystemRoot\system32\drivers\spsys.sys
0x93DC7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93DE0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x93DF5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93E14000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93E4D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x93E65000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x93E6C000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x93E73000 \SystemRoot\system32\drivers\peauth.sys
0x93F51000 \SystemRoot\System32\Drivers\secdrv.SYS
0x93F5B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x93F67000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x777A0000 \Windows\System32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
516 csrss.exe
552 C:\Windows\System32\wininit.exe
568 csrss.exe
604 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
676 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\audiodg.exe
1152 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\SLsvc.exe
1260 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\spoolsv.exe
1676 C:\Windows\System32\svchost.exe
1788 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
1932 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1972 C:\Windows\System32\svchost.exe
1316 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1500 C:\Program Files\AVG\AVG8\avgrsx.exe
796 C:\Program Files\AVG\AVG8\avgnsx.exe
1948 C:\Windows\System32\SearchIndexer.exe
1040 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2244 C:\Program Files\AVG\AVG8\avgemc.exe
2300 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2368 C:\Program Files\AVG\AVG8\avgcsrvx.exe
2416 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2760 WmiPrvSE.exe
2932 C:\Windows\System32\dwm.exe
2940 C:\Windows\System32\taskeng.exe
3100 C:\Windows\System32\taskeng.exe
3120 C:\Windows\explorer.exe
3488 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3560 C:\Windows\System32\wpcumi.exe
3568 C:\Windows\RtHDVCpl.exe
3584 C:\Windows\System32\igfxpers.exe
3612 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3652 C:\Program Files\Windows Media Player\wmpnscfg.exe
3712 C:\Windows\System32\igfxsrvc.exe
3720 WmiPrvSE.exe
3728 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
3852 C:\Program Files\Windows Media Player\wmpnetwk.exe
2588 C:\Windows\System32\wbem\unsecapp.exe
1052 C:\Program Files\Internet Explorer\iexplore.exe
808 C:\Program Files\Internet Explorer\iexplore.exe
3648 C:\Program Files\Internet Explorer\iexplore.exe
2920 C:\Program Files\Internet Explorer\iexplore.exe
2452 C:\Program Files\Internet Explorer\iexplore.exe
268 C:\Windows\System32\taskeng.exe
1372 C:\Program Files\Internet Explorer\iexplore.exe
2228 C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
2564 C:\Windows\System32\SearchProtocolHost.exe
2616 C:\Windows\System32\SearchFilterHost.exe
2488 C:\Windows\System32\SearchProtocolHost.exe
704 C:\Users\Owner\Desktop\MBRCheck.exe
1440 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`83700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725032VLA380, Rev: V54OA73A

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

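What MBRCheck is testing in the report above, and what the bootrec /fixmbr step emeraldnzl described two posts earlier actually rewrites, as an added example. This is Python written for this page; it is not MBRCheck, bootrec, or anything posted in the thread. The sample disk layout, the "known" boot code and its one-entry hash table, and the patched boot code are all constructed for the demo; a real checker carries a database of vendor boot-code hashes that this script does not have.

```python
"""Look at a 512-byte MBR the way MBRCheck does, and show what a
bootrec /fixmbr-style repair does and does not change.

Added example for this thread; not MBRCheck, bootrec or anything posted
above. The "known" boot code and the sample partition layout are
constructed for the demo.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439: x86 boot code
DISK_SIG_OFFSET = 440     # 4-byte NT disk signature (+2 reserved bytes)
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors
MAGIC = b"\x55\xaa"       # bytes 510..511

# Constructed stand-in for a vendor's clean boot code: the usual
# xor ax,ax / mov ss,ax / mov sp,7C00h prologue followed by padding.
CLEAN_BOOT_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100).ljust(BOOT_CODE_LEN, b"\x00")
KNOWN_BOOT_CODE = {  # constructed hash table; a real tool ships many vendor entries
    hashlib.sha1(CLEAN_BOOT_CODE).hexdigest().upper(): "constructed stand-in for a vendor MBR",
}


def build_mbr(boot_code, disk_signature, partitions):
    """Assemble a sector from boot code, disk signature and (status, type, lba, size) tuples."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (status, ptype, start_lba, size) in enumerate(partitions[:4]):
        # CHS fields are left zero; Vista-era loaders use the LBA fields
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFFSET + i * 16,
                         status, b"\0\0\0", ptype, b"\0\0\0", start_lba, size)
    sector[510:] = MAGIC
    return bytes(sector)


def parse_mbr(sector):
    """Split a sector into boot-code hash, disk signature and in-use partition entries."""
    if len(sector) != SECTOR or sector[510:] != MAGIC:
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, size = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFFSET + i * 16)
        if ptype:  # type 0 = empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "start_lba": start, "sectors": size})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def classify(sector):
    """MBRCheck-style verdict: the boot code either matches a known hash or it does not."""
    digest = parse_mbr(sector)["boot_code_sha1"]
    name = KNOWN_BOOT_CODE.get(digest)
    return f"Known MBR code ({name})" if name else "Unknown MBR code"


def fix_mbr(sector, clean_boot_code=CLEAN_BOOT_CODE):
    """What a fixmbr-style repair does: rewrite bytes 0..439 only.

    The disk signature and partition table (bytes 440..511) are copied
    through untouched, which is why the repair does not lose the volumes.
    """
    info = parse_mbr(sector)  # validate before touching anything
    if not info["partitions"]:
        raise ValueError("refusing to rewrite a sector with no partition table")
    return clean_boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


# Constructed sample: a clean two-partition disk, then the same disk with
# the first bytes of its boot code patched (partition table untouched),
# which is the shape of the "Unknown MBR code" verdict in the report above.
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 409_600_000), (0x00, 0x07, 409_602_048, 200_000_000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, SAMPLE_PARTITIONS)
INFECTED_MBR = build_mbr(b"\xeb\xfe" + CLEAN_BOOT_CODE[2:], 0x1234ABCD, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR),
                       ("repaired", fix_mbr(INFECTED_MBR))):
        info = parse_mbr(mbr)
        print(f"{label:9} {classify(mbr):50} sig={info['disk_signature']:08X} "
              f"partitions={[p['start_lba'] for p in info['partitions']]}")
```

Run as-is it prints three verdicts: the constructed clean sector is known, the patched one is "Unknown MBR code" with the partition table intact (the situation in the report above), and the repaired one is known again with bytes 440..511 byte-for-byte unchanged. On a live Windows machine the sector would be read from \\.\PhysicalDrive0 with administrator rights, and a rootkit that hooks disk reads can hand back a clean-looking sector, which is one reason a hash check like this gets paired with an anti-rootkit scan such as the TDSSKiller run that follows.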

----------



## emeraldnzl

Hello SmokinHope,

*Please read carefully and follow these steps.* 

Download *TDSSKiller* and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on *TDSSKiller.exe* to run the application, then on *Start Scan.*

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------



## SmokinHope

Hi, it gave me 2 logs, one before restart and one after. Here are both.

2010/10/17 17:26:48.0677	TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/17 17:26:48.0677	================================================================================
2010/10/17 17:26:48.0677	SystemInfo:
2010/10/17 17:26:48.0677	
2010/10/17 17:26:48.0677	OS Version: 6.0.6002 ServicePack: 2.0
2010/10/17 17:26:48.0677	Product type: Workstation
2010/10/17 17:26:48.0677	ComputerName: OWNER-PC
2010/10/17 17:26:48.0677	UserName: Owner
2010/10/17 17:26:48.0677	Windows directory: C:\Windows
2010/10/17 17:26:48.0677	System windows directory: C:\Windows
2010/10/17 17:26:48.0677	Processor architecture: Intel x86
2010/10/17 17:26:48.0677	Number of processors: 4
2010/10/17 17:26:48.0677	Page size: 0x1000
2010/10/17 17:26:48.0677	Boot type: Normal boot
2010/10/17 17:26:48.0677	================================================================================
2010/10/17 17:26:48.0895	Initialize success
2010/10/17 17:26:52.0296	================================================================================
2010/10/17 17:26:52.0296	Scan started
2010/10/17 17:26:52.0296	Mode: Manual;
2010/10/17 17:26:52.0296	================================================================================
2010/10/17 17:26:53.0029	ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/17 17:26:53.0076	adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/10/17 17:26:53.0154	adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/10/17 17:26:53.0170	adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/10/17 17:26:53.0201	adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/10/17 17:26:53.0326	AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/17 17:26:53.0451	agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/10/17 17:26:53.0560	aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/17 17:26:53.0591	aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/10/17 17:26:53.0607	amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/10/17 17:26:53.0638	amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/10/17 17:26:53.0700	AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/10/17 17:26:53.0716	AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/10/17 17:26:53.0794	arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/10/17 17:26:53.0841	arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/10/17 17:26:53.0887	AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/17 17:26:53.0965	atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/10/17 17:26:54.0075	AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys
2010/10/17 17:26:54.0168	AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys
2010/10/17 17:26:54.0231	AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys
2010/10/17 17:26:54.0324	Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/17 17:26:54.0371	bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/17 17:26:54.0465	BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/17 17:26:54.0480	BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/17 17:26:54.0589	Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys
2010/10/17 17:26:54.0621	BrSerIf (56f59a4011f503149ae4de826982ca4f) C:\Windows\system32\Drivers\BrSerIf.sys
2010/10/17 17:26:54.0714	BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/17 17:26:54.0730	BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/17 17:26:54.0745	BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2010/10/17 17:26:54.0839	BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/17 17:26:55.0011	cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/17 17:26:55.0057	cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/17 17:26:55.0151	circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/10/17 17:26:55.0182	CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/17 17:26:55.0291	cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/10/17 17:26:55.0307	Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/10/17 17:26:55.0338	crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/10/17 17:26:55.0401	Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/10/17 17:26:55.0494	DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/10/17 17:26:55.0619	disk  (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/10/17 17:26:55.0666	drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/17 17:26:55.0759	DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/17 17:26:55.0791	E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/17 17:26:55.0915	Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/10/17 17:26:56.0025	elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/10/17 17:26:56.0149	exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/10/17 17:26:56.0181	fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/10/17 17:26:56.0305	fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/17 17:26:56.0368	FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/17 17:26:56.0461	Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/17 17:26:56.0508	flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/17 17:26:56.0571	FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/10/17 17:26:56.0727	fssfltr (491e9d9a26a745f6ae7d570849f4bd87) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/10/17 17:26:56.0820	Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/17 17:26:56.0851	gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/17 17:26:56.0929	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/10/17 17:26:56.0992	HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/17 17:26:57.0007	HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/17 17:26:57.0070	HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/17 17:26:57.0117	HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/17 17:26:57.0132	HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/10/17 17:26:57.0179	HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/10/17 17:26:57.0273	i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/10/17 17:26:57.0319	i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/17 17:26:57.0413	iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\Windows\system32\drivers\iastor.sys
2010/10/17 17:26:57.0429	iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/10/17 17:26:57.0507	igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/17 17:26:57.0600	iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/17 17:26:57.0678	int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2010/10/17 17:26:57.0787	IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys
2010/10/17 17:26:57.0897	intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/17 17:26:57.0928	intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/17 17:26:57.0959	IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/17 17:26:58.0068	IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/17 17:26:58.0099	IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/17 17:26:58.0131	IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/17 17:26:58.0209	isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/10/17 17:26:58.0240	iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/17 17:26:58.0302	iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/17 17:26:58.0333	iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/17 17:26:58.0365	kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/17 17:26:58.0458	kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/17 17:26:58.0552	KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/17 17:26:58.0708	lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/17 17:26:58.0739	LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/17 17:26:58.0755	LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/17 17:26:58.0833	LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/17 17:26:58.0864	luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/17 17:26:58.0879	megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/10/17 17:26:58.0911	Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/17 17:26:59.0020	monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/17 17:26:59.0051	mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/17 17:26:59.0082	mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/17 17:26:59.0207	MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/17 17:26:59.0238	mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/10/17 17:26:59.0316	mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/17 17:26:59.0332	Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/17 17:26:59.0363	MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/17 17:26:59.0410	mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/17 17:26:59.0472	mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/17 17:26:59.0503	mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/17 17:26:59.0519	msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/10/17 17:26:59.0550	msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/10/17 17:26:59.0644	Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/17 17:26:59.0691	msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/17 17:26:59.0769	MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/17 17:26:59.0784	MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/17 17:26:59.0800	MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/17 17:26:59.0831	MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/10/17 17:26:59.0862	mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/17 17:26:59.0940	MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/17 17:26:59.0971	Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/10/17 17:27:00.0049	NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/17 17:27:00.0159	NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/10/17 17:27:00.0221	NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/17 17:27:00.0299	Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/17 17:27:00.0330	NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/17 17:27:00.0377	NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/17 17:27:00.0455	NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/17 17:27:00.0533	netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/17 17:27:00.0611	nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/17 17:27:00.0658	Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/10/17 17:27:00.0689	nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/17 17:27:00.0783	Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/10/17 17:27:00.0829	NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2010/10/17 17:27:00.0876	ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/17 17:27:00.0907	Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/17 17:27:00.0923	nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/10/17 17:27:00.0970	nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/10/17 17:27:01.0017	nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/10/17 17:27:01.0095	ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/17 17:27:01.0141	Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/10/17 17:27:01.0235	partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/17 17:27:01.0282	Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/10/17 17:27:01.0391	pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/17 17:27:01.0438	pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/10/17 17:27:01.0500	pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/17 17:27:01.0531	PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/17 17:27:01.0625	PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/17 17:27:01.0672	Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/17 17:27:01.0734	PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/17 17:27:01.0828	PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/17 17:27:01.0875	ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/17 17:27:01.0953	ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/17 17:27:01.0999	QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/17 17:27:02.0031	RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/17 17:27:02.0109	Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/17 17:27:06.0539	\HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/17 17:27:06.0539	================================================================================
2010/10/17 17:27:06.0539	Scan finished
2010/10/17 17:27:06.0539	================================================================================
2010/10/17 17:27:06.0555	Detected object count: 1
2010/10/17 17:27:18.0801	\HardDisk0\MBR - will be cured after reboot
2010/10/17 17:27:18.0801	Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/17 17:27:27.0084	Deinitialize success


__________________________________________________________


2010/10/17 17:21:35.0901	TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/17 17:21:35.0901	================================================================================
2010/10/17 17:21:35.0901	SystemInfo:
2010/10/17 17:21:35.0901	
2010/10/17 17:21:35.0901	OS Version: 6.0.6002 ServicePack: 2.0
2010/10/17 17:21:35.0901	Product type: Workstation
2010/10/17 17:21:35.0901	ComputerName: OWNER-PC
2010/10/17 17:21:35.0901	UserName: Owner
2010/10/17 17:21:35.0901	Windows directory: C:\Windows
2010/10/17 17:21:35.0901	System windows directory: C:\Windows
2010/10/17 17:21:35.0901	Processor architecture: Intel x86
2010/10/17 17:21:35.0901	Number of processors: 4
2010/10/17 17:21:35.0901	Page size: 0x1000
2010/10/17 17:21:35.0901	Boot type: Normal boot
2010/10/17 17:21:35.0901	================================================================================
2010/10/17 17:21:36.0182	Initialize success
2010/10/17 17:22:04.0059	Deinitialize success


----------



## emeraldnzl

Hi SmokinHope,

Please run ComboFix again and post back the log it produces.


----------



## SmokinHope

Sorry, here is the missing log.

ComboFix 10-10-17.01 - Owner 17/10/2010 18:22:19.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1188 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\users\Owner\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-17 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcerMemUsageCheckService"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"eDataSecurity Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"BrStsWnd"=c:\program files\Brownie\BrstsWnd.exe Autorun
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a3136dd0d330;Google Update Service (gupdate1c9a3136dd0d330);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-03 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 22:15]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 13:06]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 13:06]

2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{EC461CF5-9111-4C9F-90DC-552DC3EBDA5E}.job
- c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = https://max.greyhound.ca/max/logout.do
mStart Page = hxxp://en.ca.acer.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: greyhound.ca\express
Trusted Zone: greyhound.ca\max
DPF: {CFA29D95-DAD1-4B16-B987-3F558BCCBDFF} - hxxps://max.greyhound.ca/max/pages/pinpad/PinPad.CAB
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-17 18:27:44
ComboFix-quarantined-files.txt 2010-10-17 22:27
ComboFix2.txt 2010-10-16 22:48

Pre-Run: 110,149,898,240 bytes free
Post-Run: 109,789,794,304 bytes free

- - End Of File - - 959F555BB85E19B5F85727F2EC326E55


----------



## emeraldnzl

Hello again SmokinHope,

Making good progress I think.

*Now*

Please check that your Java is up to date. Older versions are vulnerable to attack.

Please follow these steps:


Download from here *Java Runtime Environment (JRE) Update*
Scroll to where it says *"Windows 7/Vista/2000/2003/2008 online"* and download and follow the instructions.

Reboot your computer.
You also need to uninstall older versions of Java.

Click *Start* > *Control Panel* > *Add or Remove Programs*
Remove all Java updates except the latest one you have just installed.

*After that*

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*Next*

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

*Kaspersky works with Internet Explorer and Firefox 3.*

Go to *Kaspersky website* and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the *Save* button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Copy and paste that information in your next post.

*So when you return please post*
MBAM log
Kaspersky scan results
and tell me how your computer is performing now


----------



## SmokinHope

Updated Java, here is first log. I am waiting on Kaspersky to finish now.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4865

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

17/10/2010 19:45:13
mbam-log-2010-10-17 (19-45-13).txt

Scan type: Quick scan
Objects scanned: 141950
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## SmokinHope

Finally.............

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 17, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 17, 2010 15:10:42
Records in database: 4182361
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 125625
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:31:00


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir	Infected: Trojan.Win32.Clicker.hd	1
C:\Windows\System32\config\systemprofile\AppData\Local\atecutic.dll	Infected: Trojan-Downloader.Win32.Mufanom.airf	1

Selected area has been scanned.


Still running like crap. Hopefully not for too much longer.
Thanks.


----------



## emeraldnzl

Hello SmokinHope,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:

Code:

```text
KillAll::

File::
C:\Windows\System32\config\systemprofile\AppData\Local\atecutic.dll

Reboot::
```

Save this as *CFScript.txt*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at *C:\ComboFix.txt*. Please post that here for further review.
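A small triage helper, added here as an example and not code from the thread: it parses a Kaspersky Online Scanner 7.0 report in the tab-separated "File name / Threat / Threats count" layout posted above, separates hits that ComboFix has already quarantined (files under C:\Qoobox\Quarantine, renamed with a .vir suffix) from files still live on disk, and emits a CFScript with the same KillAll::, File:: and Reboot:: directives used in this post. The report layout and the directives are taken from the thread; the quarantine heuristic, the function names and the sample input are assumptions constructed for this example.

```python
"""Triage helper: Kaspersky Online Scanner 7.0 report -> ComboFix CFScript.

Added example, not code from the thread. The tab-separated
'File name / Threat / Threats count' layout and the CFScript directives
(KillAll::, File::, Reboot::) are as they appear in the posts above; the
quarantine heuristic and the sample input are constructed for this example.
"""
from dataclasses import dataclass

# Constructed sample input: the two findings reported in the thread.
SAMPLE_REPORT = (
    "File name / Threat / Threats count\n"
    "C:\\Qoobox\\Quarantine\\C\\Program Files\\Mozilla Firefox\\searchplugins"
    "\\google_search.xml.vir\tInfected: Trojan.Win32.Clicker.hd\t1\n"
    "C:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\atecutic.dll"
    "\tInfected: Trojan-Downloader.Win32.Mufanom.airf\t1\n"
    "\n"
    "Selected area has been scanned.\n"
)

QUARANTINE_DIR = "c:\\qoobox\\quarantine\\"  # where ComboFix parks what it removed


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        """True when the hit is an item ComboFix already moved aside.

        ComboFix copies removed files into C:\\Qoobox\\Quarantine and appends
        a .vir suffix, so a later scanner still "detects" them there. Such an
        item is inert and must not be fed back into a CFScript File:: block.
        """
        low = self.path.lower()
        return low.startswith(QUARANTINE_DIR) or low.endswith(".vir")


def parse_kaspersky_report(text: str) -> list[Finding]:
    """Return the findings listed in the report's results table."""
    findings: list[Finding] = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("File name / Threat / Threats count"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("Selected area has been scanned"):
            break
        cols = line.split("\t")
        if len(cols) != 3:          # skip anything that is not a results row
            continue
        path, threat, count = (c.strip() for c in cols)
        findings.append(Finding(path, threat, int(count)))
    return findings


def live_findings(findings: list[Finding]) -> list[Finding]:
    """Findings that still point at a file on the live system."""
    return [f for f in findings if not f.quarantined]


def build_cfscript(findings: list[Finding], reboot: bool = True) -> str:
    """Build a CFScript: KillAll::, one File:: block for live hits, Reboot::."""
    lines = ["KillAll::", ""]
    live = live_findings(findings)
    if live:
        lines.append("File::")
        lines.extend(f.path for f in live)
        lines.append("")
    if reboot:
        lines.append("Reboot::")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # For the sample report this prints exactly the CFScript given in the post above.
    print(build_cfscript(parse_kaspersky_report(SAMPLE_REPORT)), end="")
```

Run against the sample report, the quarantined google_search.xml.vir hit is dropped and only the live atecutic.dll path lands in the File:: block.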


----------



## SmokinHope

Here it is,

ComboFix 10-10-17.02 - Owner 17/10/2010 23:15:13.5.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.971 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\atecutic.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\System32\config\systemprofile\AppData\Local\atecutic.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Malwarebytes Anti-Malware (reboot)"="c:\users\Owner\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-17 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AcerMemUsageCheckService"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"eDataSecurity Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"BrStsWnd"=c:\program files\Brownie\BrstsWnd.exe Autorun
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a3136dd0d330;Google Update Service (gupdate1c9a3136dd0d330);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-22 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-03 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 22:15]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 13:06]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 13:06]

2010-10-18 c:\windows\Tasks\User_Feed_Synchronization-{EC461CF5-9111-4C9F-90DC-552DC3EBDA5E}.job
- c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = https://max.greyhound.ca/max/logout.do
mStart Page = hxxp://en.ca.acer.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: greyhound.ca\express
Trusted Zone: greyhound.ca\max
DPF: {CFA29D95-DAD1-4B16-B987-3F558BCCBDFF} - hxxps://max.greyhound.ca/max/pages/pinpad/PinPad.CAB
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-10-17 23:24:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-18 03:24
ComboFix2.txt 2010-10-17 22:27
ComboFix3.txt 2010-10-16 22:48

Pre-Run: 106,752,233,472 bytes free
Post-Run: 106,628,337,664 bytes free

- - End Of File - - 618C2B75570572E8DEE7D8ADCF49EBF9


----------



## emeraldnzl

Hi SmokinHope,

Any change in your computer now?


----------



## SmokinHope

Yes ty, it seems to be running much better. You are the BEST!!!!

Thank you so much.


----------



## emeraldnzl

Hello SmokinHope,

I think your machine is clean now.

We have a couple of last steps to perform and then you're all set.


*Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.*

* Click *START* then *RUN*
* Now type *Combofix /Uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the *U*; it needs to be there.

*Step 2*

Double-click *OTL.exe* to run it. (Vista users, please right click on *OTL.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose *Yes.*

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

-------------------------------------------------------------------------------------------------------------------

*A reminder:* Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

*Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:*

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

Download from here: *Java Runtime Environment (JDK) Update*
Scroll to where it says *"Windows XP/Vista/2000/2003/2008 online"*, then download and follow the instructions to install.

Reboot your computer. 
You also need to uninstall older versions of Java.

* Click *Start* > *Control Panel* > *Programs*
* Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure to give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:
*TFC.exe* 
---------------------------------------------------------------------------------------------------------------------

To reduce the amount of fragmentation in your machine's file system, occasionally run a defragmenter utility. You can use your built-in program (*Start > Programs > Accessories > System Tools > Disk Defragmenter*) or alternatively here is a program you can download and use: *Puran Disc Defragmenter*

---------------------------------------------------------------------------------------------------------------------

*Make Internet Explorer more secure*

Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.
*** Consider using an alternate browser.

Opera may be downloaded from *here*. It is one of the least targeted of all browsers.

Avant may be downloaded from *here*. Another one that is less well known.

Firefox may be downloaded from *Here*. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click *Start > Control Panel > System and Security > Windows Update*
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click *OK*.

And to keep your system clean, consider choosing from these free-for-home-use malware scanners, updating and running them weekly.

*Malwarebytes*
*SuperAntiSpyWare*

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
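As an added illustration (not code from the thread or from emeraldnzl), a PowerShell audit that reads the Internet zone ActiveX settings described under *Make Internet Explorer more secure* and also lists the `DisableMonitoring` values that appear under `security center\Monitoring` in the ComboFix log above. The value ids 1001/1004/1201 and their meanings are standard IE zone settings assumed here; the `-Fix` switch and the function names are the example's own.

```powershell
# Added example, not part of the thread. Assumed (standard) IE zone value ids:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
# Setting data: 0 = Enable, 1 = Prompt, 3 = Disable. Zone 3 is the Internet zone.
$Zone3  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Wanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEInternetZoneActiveX {
    # Reports each setting against the recommended value; -Fix writes the recommendation.
    param([switch]$Fix)
    $props = Get-ItemProperty -Path $Zone3 -ErrorAction Stop
    foreach ($s in $Wanted) {
        $have = $props.($s.Id)
        $haveText = if ($null -eq $have) { 'not set' }
                    elseif ($Label.ContainsKey([int]$have)) { $Label[[int]$have] }
                    else { "$have" }
        $ok = ($have -eq $s.Want)
        $status = if ($ok) { 'OK' } else { 'CHANGE' }
        [pscustomobject]@{ Id = $s.Id; Setting = $s.Name; Current = $haveText
                           Wanted = $Label[$s.Want]; Status = $status }
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Zone3 -Name $s.Id -Value $s.Want -Type DWord
        }
    }
}

function Test-SecurityCenterMonitoring {
    # Lists every key under Security Center\Monitoring (and per-product subkeys) where
    # DisableMonitoring = 1. Such values silence Security Center's AV/firewall warnings,
    # so a leftover entry for an uninstalled product (as in the log) is worth reviewing.
    $base = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (-not (Test-Path $base)) { return }
    foreach ($key in @(Get-Item $base) + @(Get-ChildItem $base -Recurse)) {
        $v = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).DisableMonitoring
        if ($v -eq 1) {
            [pscustomobject]@{ Key = $key.Name; DisableMonitoring = $v }
        }
    }
}

Test-IEInternetZoneActiveX | Format-Table -AutoSize
Test-SecurityCenterMonitoring | Format-Table -AutoSize
```

Reading both key groups needs no elevation; run `Test-IEInternetZoneActiveX -Fix` only after reviewing the report, since it changes the current user's IE zone settings.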


----------



## SmokinHope

Thank you, I will finish up with this next weekend as I will be away from my puter until then. I am using my laptop this week. I will post next weekend to let you know how it went. Your help has been greatly appreciated. You have inspired me to want to learn more about malware.

Thanks,
Sheila


----------



## SmokinHope

btw I use Google Chrome on my laptop and have not had any problems. What do you think of chrome?


----------



## emeraldnzl

> Thank you, I will finish up with this next weekend as I will be away from my puter until then.


You are very welcome. I look forward to hearing how it went.



> What do you think of chrome?


Good question. I know a number of people have reported that they liked it. I don't really have an opinion.

I use Firefox both because I like it and because there is an Add-on that I use for analyzing malware that works with it. I did download and try Chrome once but found it didn't have some things built in in the same way Firefox did (at least at the time I tried it... may have changed since), e.g. sending a link to someone required an Add-on or some such.

Haven't heard of any specific security issues with it although that could change as it becomes more popular. Malware developers seem to go where the biggest market is.

You should use what you are comfortable with and like, is my thought.


----------



## SmokinHope

Hi Emeraldnzl, I guess we can mark this solved. When I came home this weekend I was surprised with a new computer. All that work......sorry. Thank you very much for all your time and patience with me.

Sheila


----------



## emeraldnzl

Hi SmokinHope,

Glad to hear all is going well.

Have a great day.


----------

