Please help!

Post by ChantalDaigle on Mon Jan 10, 2011 3:51 am

When I open Internet Explorer, it starts to lag right away. Most times I can just type the website in the address bar and it takes me right to the page, but when I use Google (or whatever search engine), when clicking on any link that comes up, this virus redirects me to some sort of "software download" page and does this sort of mock scan. When I try to exit by the "x" in the corner, I get a box that pops up and warns me about closing the page and gives me "cancel" or "continue". When hitting that cancel it does nothing and I have to click every exit on the page several times to get out. Most annoying thing I've ever seen really. It doesn't happen as often if I don't have multiple tabs running, but I do get a lot of pop-ups, even if I have the pop-up blocker on the strongest security level.

Really need some assistance with this, would be most appreciated.

Cheers.

OTL logfile created on: 09/01/2011 11:05:56 PM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Chantal\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.96 Gb Total Space | 79.24 Gb Free Space | 56.22% Space Free | Partition Type: NTFS
Drive D: | 8.09 Gb Total Space | 1.79 Gb Free Space | 22.11% Space Free | Partition Type: NTFS

Computer Name: CHANTAL-PC | User Name: Chantal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/09 23:04:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/31 23:42:40 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/09/18 12:13:17 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/31 08:35:15 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/31 08:35:07 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/31 08:35:03 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/31 08:34:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/31 08:34:34 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/01 19:10:54 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2007/03/29 13:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
PRC - [2007/03/29 13:59:42 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
PRC - [2007/03/28 20:45:34 | 000,270,431 | ---- | M] () -- C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2005/05/06 20:47:08 | 002,224,128 | ---- | M] ([You must be registered and logged in to see this link.] -- C:\Program Files\BitLord\BitLord.exe


========== Modules (SafeList) ==========

MOD - [2011/01/09 23:04:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/31 08:35:03 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/07/31 08:34:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/06/25 17:59:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/08 13:42:15 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/29 13:59:42 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/03/28 20:45:38 | 000,118,877 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/03/28 20:45:34 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chantal\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Chantal\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/07/31 08:35:16 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/07/31 08:35:15 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/09 16:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/08 08:55:00 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/05/08 08:54:46 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2007/02/28 14:26:00 | 004,465,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/22 12:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/16 04:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/12 23:59:02 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/15 13:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 08:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 06:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 23:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 23:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 23:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/05 05:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mail.redcow.ca"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 12:03:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 23:36:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 23:36:08 | 000,000,000 | ---D | M]

[2008/09/10 17:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chantal\AppData\Roaming\Mozilla\Extensions
[2010/11/21 19:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\extensions
[2010/01/23 15:11:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/17 14:34:28 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français) -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2010/02/24 11:31:57 | 000,001,595 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\searchplugins\amazondotcom.xml
[2009/05/06 09:12:41 | 000,001,595 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\searchplugins\ebay.xml
[2009/02/09 22:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 12:03:14 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX

O1 HOSTS File: ([2010/09/10 23:14:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Jaybob's Movies Toolbar) - {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Jaybob's Movies Toolbar) - {33a329ee-7f7d-471e-ac67-15c54d970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Jaybob's Movies Toolbar) - {33A329EE-7F7D-471E-AC67-15C54D970678} - C:\Program Files\Jaybob's_Movies\tbJayb.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [odbcPad80] C:\Users\Chantal\AppData\Local\msWImon2\odbcPad80.DLL ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chantal\Pictures\Randomly_Backgrounds_by_Za29.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chantal\Pictures\Randomly_Backgrounds_by_Za29.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/04 14:59:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {77A7A6CE-B2B4-C577-DFCB-D8BF43BF0E9E} - Java (Sun)
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {984FC254-1146-D27F-6284-1C648C4E9E90} -
ActiveX: {9F4E6918-9D38-44A4-DA40-3669316033BE} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 23:04:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
[2010/12/19 02:26:10 | 000,000,000 | ---D | C] -- C:\3046b0cee191c8dc90
[2010/12/19 02:14:59 | 000,000,000 | ---D | C] -- C:\Users\Chantal\AppData\Roaming\AVG8
[2007/07/04 20:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 23:04:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chantal\Desktop\OTL.com
[2011/01/09 22:53:26 | 003,297,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/09 22:53:25 | 001,490,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/09 22:48:02 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.001
[2011/01/09 22:48:02 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F650F526-C568-4D3A-87C2-E03AC2725E1E}.job
[2011/01/09 22:48:02 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/01/09 22:47:58 | 000,007,484 | ---- | M] () -- C:\Users\Chantal\AppData\Local\d3d9caps.dat
[2011/01/09 22:46:04 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/09 22:46:04 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/09 22:45:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/19 02:14:24 | 069,088,563 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/12/19 02:11:43 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/26 22:03:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/24 21:52:02 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/07/24 21:52:02 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/12/26 21:33:00 | 000,000,004 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\E2433E
[2009/12/26 21:32:59 | 000,870,128 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\mcs.rma
[2009/10/18 18:03:17 | 000,000,091 | ---- | C] () -- C:\Windows\CDGUIDE.INI
[2009/10/18 18:02:24 | 000,007,484 | ---- | C] () -- C:\Users\Chantal\AppData\Local\d3d9caps.dat
[2009/08/17 19:19:42 | 000,001,102 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\wklnhst.dat
[2009/06/09 16:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/02/11 16:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/09/08 19:40:52 | 000,045,056 | ---- | C] () -- C:\Users\Chantal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/08 12:31:34 | 000,013,119 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\nvModes.dat
[2008/09/08 12:31:34 | 000,013,119 | ---- | C] () -- C:\Users\Chantal\AppData\Roaming\nvModes.001
[2008/09/08 12:13:35 | 000,000,000 | ---- | C] () -- C:\Users\Chantal\AppData\Local\QSwitch.txt
[2008/09/08 12:13:35 | 000,000,000 | ---- | C] () -- C:\Users\Chantal\AppData\Local\DSwitch.txt
[2008/09/08 12:13:35 | 000,000,000 | ---- | C] () -- C:\Users\Chantal\AppData\Local\AtStart.txt
[2007/05/04 14:45:22 | 000,000,681 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/19 14:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 20:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/20 17:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/10 13:34:15 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/08 21:14:25 | 000,000,286 | -HS- | M] () -- C:\Users\Chantal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/08/26 22:00:23 | 023,173,416 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Chantal\Desktop\SkypeSetupFull-Beta.exe
[2010/02/24 23:56:43 | 000,859,984 | ---- | M] (Microsoft Corporation) -- C:\Users\Chantal\Desktop\windowsmedia9-kb929182-intl.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/19 14:53:02 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2uvc.src
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/08/06 06:49:31 | 000,008,192 | ---- | M] () -- C:\WINDOWS\security\database\edb.chk
[2009/08/06 06:49:03 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edb.log
[2007/06/19 00:40:02 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edbres00001.jrs
[2007/06/19 00:40:02 | 001,048,576 | ---- | M] () -- C:\WINDOWS\security\database\edbres00002.jrs
[2009/08/06 06:49:03 | 001,056,768 | ---- | M] () -- C:\WINDOWS\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2009/05/14 08:04:34 | 000,185,848 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2009/05/14 08:04:35 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/05/14 08:04:43 | 000,242,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/08 12:12:50 | 000,000,402 | -HS- | M] () -- C:\Users\Chantal\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/10 16:52:13 | 000,000,681 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 05:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2008/09/09 21:27:43 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\WINDOWS\System32\ANSI.SYS
[2008/09/09 21:28:39 | 000,224,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\WINDOWS\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\WINDOWS\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\WINDOWS\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\WINDOWS\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\WINDOWS\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\WINDOWS\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\WINDOWS\System32\NTIO804.SYS
[2009/08/14 10:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2006/08/05 05:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/10/20 17:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2009/04/19 16:39:33 | 000,002,396 | ---- | M] () -- C:\aaw7boot.log
[2007/05/04 14:59:36 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 05:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2010/09/13 20:47:42 | 000,011,123 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/02/16 17:18:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/16 17:18:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/01/09 22:45:39 | 2392,850,432 | -HS- | M] () -- C:\pagefile.sys
[2009/01/22 12:23:29 | 000,069,516 | ---- | M] () -- C:\playground.log
[2009/03/11 21:31:55 | 001,265,421 | ---- | M] () -- C:\saida.txt
[2007/05/04 15:23:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/05/04 15:23:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

< %PROGRAMFILES%\*. >
[2010/12/03 14:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2009/05/05 21:41:31 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2007/05/04 14:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2009/09/13 16:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/25 00:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\Apowersoft
[2010/01/24 20:33:07 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/22 20:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/09/26 13:34:23 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/03/15 15:26:33 | 000,000,000 | ---D | M] -- C:\Program Files\BitLord
[2010/10/23 23:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/06/03 10:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Can You See What I See
[2010/09/13 20:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/31 19:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/05/04 13:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/07/23 23:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/01/31 20:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/24 23:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010/02/24 12:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
[2009/06/05 13:46:29 | 000,000,000 | ---D | M] -- C:\Program Files\Games
[2007/05/04 15:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/09/10 16:41:40 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2007/05/04 14:55:26 | 000,000,000 | ---D | M] -- C:\Program Files\HP Games
[2007/05/04 15:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2010/07/24 21:29:28 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/07/02 20:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/11/21 15:29:49 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/03 14:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/02/09 22:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/31 19:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Jaybob's_Movies
[2010/11/17 13:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2008/09/08 13:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/06 16:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/09/11 10:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/01/09 22:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/06/15 12:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/11/08 03:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/05/04 14:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/20 14:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/06/03 10:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/09/11 10:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/04/20 18:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/09/08 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/13 19:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars.NET
[2010/10/23 23:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/05/04 15:03:22 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/12/26 21:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2009/02/08 22:45:40 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/04/19 13:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Sandboxie
[2010/08/26 22:01:25 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/08/06 07:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek
[2007/05/04 13:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/07/23 23:32:19 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2010/07/24 21:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2010/09/10 16:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/12/03 14:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Vongo
[2009/06/02 21:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Wandering Willows
[2008/09/08 14:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/09/08 14:32:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/10/06 16:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/04/20 18:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/04/23 14:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/29 02:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/11/02 08:42:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/09/08 14:32:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/08/12 07:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< %appdata%\*.* >
[2009/12/26 21:33:00 | 000,000,004 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\E2433E
[2009/12/26 21:33:00 | 000,870,128 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\mcs.rma
[2011/01/09 22:48:02 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.001
[2010/12/19 02:11:43 | 000,013,119 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\nvModes.dat
[2010/08/30 16:06:42 | 000,001,102 | ---- | M] () -- C:\Users\Chantal\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2007/05/04 15:07:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/05/04 15:07:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/05/04 15:07:05 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/09/08 13:36:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/09/08 13:36:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/09/08 13:36:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/09/08 13:36:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/09/08 13:36:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\WINDOWS\System32\drivers\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\WINDOWS\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\SwSetup\Chipset\WinVista32\IDE\WinVista\sata_ide\nvstor32.sys
[2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\WINDOWS\System32\drivers\nvstor32.sys
[2006/12/22 17:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) MD5=4C93D50BCA15B3BFCAB07306B258B248 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvstor32.inf_07a99397\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

ChantalDaigle
Novice
Posts : 18
Joined : 2009-02-09
OS : HP Pavilion DV 9000


Re: Please help!

Post by ChantalDaigle on Mon Jan 10, 2011 3:51 am

< MD5 for: USBSTOR.SYS >
[2008/09/08 13:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2008/09/08 13:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\WINDOWS\System32\DriverStore\FileRepository\usbstor.inf_8416e98e\USBSTOR.SYS
[2008/09/08 13:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7887CE56934E7F104E98C975F47353C5 -- C:\WINDOWS\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.16478_none_465c5f209ade1e53\USBSTOR.SYS
[2008/09/08 13:41:40 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=7DA1833F2B2500C755AB6C81C5ABFC88 -- C:\WINDOWS\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6000.20588_none_46db2bffb403da0e\USBSTOR.SYS
[2008/01/19 01:53:22 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\WINDOWS\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\WINDOWS\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-10 03:03:33

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:D02FBAEC
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:65241CBC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33384BC0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D7D575C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BDC42529
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8DF68137
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3A6BC948
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:60A4BB64

< End of report >


Re: Please help!

Post by Sneakyone on Mon Jan 10, 2011 4:14 pm

Hi, Welcome to GeekPolice.net!

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [odbcPad80] C:\Users\Chantal\AppData\Local\msWImon2\odbcPad80.DLL ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found


    :commands
    [emptytemp]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.



Re: Please help!

Post by ChantalDaigle on Tue Jan 11, 2011 7:24 am

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\odbcPad80 deleted successfully.
C:\Users\Chantal\AppData\Local\msWImon2\odbcPad80.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chantal
->Temp folder emptied: 23638237 bytes
->Temporary Internet Files folder emptied: 1042227573 bytes
->Java cache emptied: 95217675 bytes
->FireFox cache emptied: 71359808 bytes
->Flash cache emptied: 130986 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80922238 bytes
RecycleBin emptied: 518498773 bytes

Total Files Cleaned = 1,747.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.1 log created on 01112011_020140

Files\Folders moved on Reboot...
File\Folder C:\Users\Chantal\AppData\Local\Temp\~DF5B2B.tmp not found!
File\Folder C:\Users\Chantal\AppData\Local\Temp\~DF5B8E.tmp not found!
File\Folder C:\Users\Chantal\AppData\Local\Temp\~DF5C32.tmp not found!
File\Folder C:\Users\Chantal\AppData\Local\Temp\~DF5C78.tmp not found!
File\Folder C:\Users\Chantal\AppData\Local\Temp\~DF5D20.tmp not found!
File\Folder C:\Users\Chantal\AppData\Local\Temp\~DF5D4B.tmp not found!
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V88CS3AX\likebox[6].htm moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V88CS3AX\t25678-please-help[1].htm moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IONR0MCH\google_ca[2].htm moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1IRHI9FY\f11-virus-spyware-malware-removal[1].htm moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1IRHI9FY\geekpolice_net[1].htm moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLF03AIL\improvedsearch[1].xml moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLF03AIL\improvedsearch[2].xml moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ2WXWKH\improvedsearch[1].xml moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ2WXWKH\improvedsearch[2].xml moved successfully.
C:\Users\Chantal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XWXQOW7\favicon[1].ico moved successfully.
File\Folder C:\Windows\temp\2acc86a9-b9d1-4d31-bdad-508114974ca1.tmp not found!
File\Folder C:\Windows\temp\7225a58e-06b9-4d06-a315-5194552762ca.tmp not found!
C:\Windows\temp\sqlite_rTckmMVfnMzadJe moved successfully.
File\Folder C:\Windows\temp\TMP00000001B0BB02509B28AF46 not found!

Registry entries deleted on Reboot...





============






ComboFix 11-01-10.06 - Chantal 11/01/2011 2:50.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1982.937 [GMT -4:00]
Running from: c:\users\Chantal\Desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Chantal\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat
c:\users\Public\Documents\windows\winhelp.exe
c:\windows\system32\arp.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-11 07:05 . 2011-01-11 07:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-11 06:01 . 2010-11-16 16:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3BDDAA6-C5C1-4F89-9BED-1C1D6F43B038}\mpengine.dll
2011-01-11 06:01 . 2011-01-11 06:01 -------- d-----w- C:\_OTL
2011-01-10 05:52 . 2011-01-10 05:52 -------- d-----w- c:\program files\iPod
2011-01-10 03:01 . 2011-01-10 03:01 605960 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-19 06:26 . 2010-12-19 06:26 -------- d-----w- C:\3046b0cee191c8dc90

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 21:38 . 2010-11-29 21:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 21:38 . 2010-11-29 21:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-19 14:41 . 2009-10-04 21:16 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33a329ee-7f7d-471e-ac67-15c54d970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33a329ee-7f7d-471e-ac67-15c54d970678}]
2009-04-27 22:36 2088472 ----a-w- c:\program files\Jaybob's_Movies\tbJayb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{33a329ee-7f7d-471e-ac67-15c54d970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{33A329EE-7F7D-471E-AC67-15C54D970678}"= "c:\program files\Jaybob's_Movies\tbJayb.dll" [2009-04-27 2088472]

[HKEY_CLASSES_ROOT\clsid\{33a329ee-7f7d-471e-ac67-15c54d970678}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-08 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-11 26959144]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2010-08-25 338296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-5-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\User_Feed_Synchronization-{F650F526-C568-4D3A-87C2-E03AC2725E1E}.job
- c:\windows\system32\msfeedssync.exe [2010-07-02 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\5n3erpa0.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Dictionnaire HunSpell en Français: [You must be registered and logged in to see this link.] - %profile%\extensions\fr-FR@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-01-11 03:05
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-11 03:16:50
ComboFix-quarantined-files.txt 2011-01-11 07:16
ComboFix2.txt 2010-09-14 00:47
ComboFix3.txt 2010-09-11 03:20
ComboFix4.txt 2010-09-10 00:33
ComboFix5.txt 2011-01-11 06:47

Pre-Run: 74,115,084,288 bytes free
Post-Run: 74,091,896,832 bytes free

- - End Of File - - 3E6DDEEDD3F68541DFEC70DAEC230047


Re: Please help!

Post by Sneakyone on Wed Jan 12, 2011 5:19 am

Hi,

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Re: Please help!

Post by ChantalDaigle on Wed Jan 12, 2011 9:36 pm

You guys have mad skills, soooooo much appreciated.


=======


Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 5508

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

12/01/2011 5:28:46 PM
mbam-log-2011-01-12 (17-28-46).txt

Scan type: Quick scan
Objects scanned: 149649
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WiniBlueSoft (Rogue.WinBlueSoft) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Public\documents\Windows\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.


Re: Please help!

Post by Sneakyone on Wed Jan 12, 2011 10:42 pm

Hi,

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: Please help!

Post by ChantalDaigle on Thu Jan 13, 2011 2:18 am

This is all the log had, although I did notice there had been 5 infections:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK


Re: Please help!

Post by Sneakyone on Thu Jan 13, 2011 2:30 am

Hi,

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.



Re: Please help!

Post by ChantalDaigle on Thu Jan 13, 2011 2:44 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9000 (GL892UA#ABL)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
0x82000000 \SystemRoot\system32\ntkrnlpa.exe
0x823A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x802BD000 \SystemRoot\system32\PSHED.dll
0x802B5000 \SystemRoot\system32\BOOTVID.dll
0x8027A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x8026C000 \SystemRoot\System32\drivers\ehnbroaq.sys
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8025F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8021C000 \SystemRoot\system32\drivers\acpi.sys
0x80213000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8020B000 \SystemRoot\system32\drivers\msisadrv.sys
0x8047F000 \SystemRoot\system32\drivers\pci.sys
0x80470000 \SystemRoot\system32\drivers\volmgr.sys
0x80208000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80466000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80456000 \SystemRoot\System32\drivers\mountmgr.sys
0x80201000 \SystemRoot\system32\drivers\pciide.sys
0x80448000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys
0x80440000 \SystemRoot\system32\drivers\atapi.sys
0x80422000 \SystemRoot\system32\drivers\ataport.SYS
0x80408000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x80776000 \SystemRoot\system32\DRIVERS\storport.sys
0x80745000 \SystemRoot\system32\drivers\fltmgr.sys
0x80735000 \SystemRoot\system32\drivers\fileinfo.sys
0x80631000 \SystemRoot\system32\drivers\ndis.sys
0x80606000 \SystemRoot\system32\drivers\msrpc.sys
0x81FC7000 \SystemRoot\system32\drivers\NETIO.SYS
0x81EBF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x81E55000 \SystemRoot\System32\Drivers\ksecdd.sys
0x81E1F000 \SystemRoot\system32\drivers\volsnap.sys
0x80400000 \SystemRoot\System32\Drivers\spldr.sys
0x81E10000 \SystemRoot\System32\drivers\partmgr.sys
0x81E01000 \SystemRoot\System32\Drivers\mup.sys
0x87BDB000 \SystemRoot\System32\drivers\ecache.sys
0x87BCA000 \SystemRoot\system32\drivers\disk.sys
0x87BA9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BA0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B411000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ABA1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x885E8000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x88438000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AA1E000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8AB40000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B5F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8ABAA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B97A000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C1BD000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8B8DD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B404000 \SystemRoot\System32\drivers\watchdog.sys
0x8AA39000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8B426000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B8A0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B522000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B50A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8840A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x885D8000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B892000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8B87A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8B86C000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8B858000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8B807000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C1AB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C0E9000 \SystemRoot\system32\DRIVERS\nvm60x32.sys
0x8C0D6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B4FF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C0AB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ABF4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C0A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C075000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C06A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C053000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C048000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C025000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C016000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C003000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C9E4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ABE2000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C9BA000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B430000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C9F3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8ABCE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C946000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AA70000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C8CA000 \SystemRoot\system32\drivers\CHDART.sys
0x8C89D000 \SystemRoot\system32\drivers\portcls.sys
0x8C878000 \SystemRoot\system32\drivers\drmk.sys
0x8C83B000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8CAFD000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CA49000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8C82E000 \SystemRoot\system32\drivers\modem.sys
0x8C817000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CCAD000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8C80A000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8B5C1000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x885F7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B5C8000 \SystemRoot\System32\Drivers\Null.SYS
0x8B5CF000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CA3D000 \SystemRoot\System32\drivers\vga.sys
0x8CA1C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8857C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x88514000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CA11000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CA03000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AB50000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90F2B000 \SystemRoot\System32\drivers\tcpip.sys
0x8CC74000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CC5F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CC2D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CC19000 \SystemRoot\system32\DRIVERS\smb.sys
0x90EE4000 \SystemRoot\system32\drivers\afd.sys
0x8CC03000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90ED6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8ABF8000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x90EC3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90E88000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B43A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90E31000 \SystemRoot\System32\Drivers\dfsc.sys
0x8AA02000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B444000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8B4C6000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x98200000 \SystemRoot\System32\win32k.sys
0x8B46C000 \SystemRoot\System32\drivers\Dxapi.sys
0x9AC81000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B200000 \SystemRoot\System32\TSDDD.dll
0x9B210000 \SystemRoot\System32\cdd.dll
0x9B220000 \SystemRoot\System32\ATMFD.DLL
0x9CB85000 \SystemRoot\system32\drivers\luafv.sys
0x9E0B2000 \SystemRoot\system32\drivers\spsys.sys
0x9AB30000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9E047000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8B4B2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E034000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9EAE7000 \SystemRoot\system32\drivers\HTTP.sys
0x9E602000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EA62000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E1AC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9EA42000 \SystemRoot\system32\drivers\mrxdav.sys
0x9EA24000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9F1C7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EA12000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F1A3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F0DB000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CA7E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA04A2000 \SystemRoot\system32\drivers\peauth.sys
0x8B41C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EB71000 \SystemRoot\System32\drivers\tcpipreg.sys
0x8854C000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAA50A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB3BD8000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77330000 \WINDOWS\System32\ntdll.dll

Processes (total 67):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`3d5d4200 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2160BH PL, Rev: 891F

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

ChantalDaigle
Novice
Posts : 18
Joined : 2009-02-09
OS : HP Pavilion DV 9000


Re: Please help!

Post by Sneakyone on Thu Jan 13, 2011 4:28 am

Hi,

Please download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


I'm livin' life in the fast lane.


Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit


Re: Please help!

Post by ChantalDaigle on Fri Jan 14, 2011 5:17 am

2011/01/14 01:15:58.0171 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/14 01:15:58.0171 ================================================================================
2011/01/14 01:15:58.0171 SystemInfo:
2011/01/14 01:15:58.0171
2011/01/14 01:15:58.0171 OS Version: 6.0.6000 ServicePack: 0.0
2011/01/14 01:15:58.0171 Product type: Workstation
2011/01/14 01:15:58.0171 ComputerName: CHANTAL-PC
2011/01/14 01:15:58.0171 UserName: Chantal
2011/01/14 01:15:58.0171 Windows directory: C:\Windows
2011/01/14 01:15:58.0171 System windows directory: C:\Windows
2011/01/14 01:15:58.0171 Processor architecture: Intel x86
2011/01/14 01:15:58.0171 Number of processors: 2
2011/01/14 01:15:58.0171 Page size: 0x1000
2011/01/14 01:15:58.0171 Boot type: Normal boot
2011/01/14 01:15:58.0171 ================================================================================
2011/01/14 01:15:58.0811 Initialize success
2011/01/14 01:16:02.0602 ================================================================================
2011/01/14 01:16:02.0602 Scan started
2011/01/14 01:16:02.0602 Mode: Manual;
2011/01/14 01:16:02.0602 ================================================================================
2011/01/14 01:16:51.0757 ================================================================================
2011/01/14 01:16:51.0757 Scan finished
2011/01/14 01:16:51.0757 ================================================================================


Re: Please help!

Post by Sneakyone on Sat Jan 15, 2011 3:17 am

Hi,

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:



  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the [You must be registered and logged in to see this link.] is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:

  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the [You must be registered and logged in to see this link.] before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:


If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.


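The Important Note in the post above says the MBR sector holds both the partition table and a small piece of boot code. The following is an added example, not part of the original post and not MBRCheck's own code: it parses a saved 512-byte copy of the sector and compares a copy taken before the restore with one taken after it, so a lost or altered partition table is caught immediately. The function names are hypothetical, the sample images are constructed, and hashing bytes 0-439 is an assumption (the page does not say which range MBRCheck's SHA1 covers, so the digests need not match the tool's).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440       # bytes 0..439: bootstrap code
DISK_SIG_OFFSET = 440     # bytes 440..443: Windows disk signature
PART_TABLE_OFFSET = 446   # bytes 446..509: four 16-byte partition entries
BOOT_SIG_OFFSET = 510     # bytes 510..511: 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"   # status, (CHS start), type, (CHS end), LBA start, sector count


def parse_mbr(sector):
    """Split one 512-byte MBR sector into boot-code hash, partition table and signatures."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        partitions.append({
            "slot": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": count,
        })
    return {
        # Assumption: hash only the bootstrap-code area (see lead-in).
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_END]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "table_raw": bytes(sector[PART_TABLE_OFFSET:BOOT_SIG_OFFSET]),
        "partitions": partitions,
        "boot_sig_ok": bytes(sector[BOOT_SIG_OFFSET:]) == b"\x55\xaa",
    }


def check_fix(before, after):
    """Compare MBR images taken before and after a boot-code restore.

    Returns a list of problems; an empty list means only the boot code changed.
    """
    b, a = parse_mbr(before), parse_mbr(after)
    problems = []
    if not a["boot_sig_ok"]:
        problems.append("boot signature 0x55AA missing")
    if a["table_raw"] != b["table_raw"]:
        problems.append("partition table changed")
    if a["disk_signature"] != b["disk_signature"]:
        problems.append("disk signature changed")
    if not any(p["active"] for p in a["partitions"]):
        problems.append("no active partition")
    return problems


def build_sample(boot_code, entries, disk_sig=0x1234ABCD):
    """Build a constructed 512-byte MBR image for the demonstration below."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_END]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i, *entry)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample. The two start sectors follow from the volume offsets in the
# MBRCheck output quoted in the thread (0x7e00 and 0x233d5d4200 bytes, divided by
# 512); partition types, sizes, disk signature and boot-code bytes are made up.
PARTS = [(0x80, 0x07, 63, 0x119EAE62), (0x00, 0x07, 0x119EAEA1, 0x0102E000)]
BEFORE = build_sample(b"\xCC" * 440, PARTS)         # stand-in for the unknown boot code
AFTER_OK = build_sample(b"\x33\xC0" * 220, PARTS)   # stand-in for restored boot code
AFTER_BAD = build_sample(b"\x33\xC0" * 220, [])     # restore that lost the partition table

if __name__ == "__main__":
    for name, image in (("intact", AFTER_OK), ("damaged", AFTER_BAD)):
        print(name, check_fix(BEFORE, image) or "only the boot code changed")
    for p in parse_mbr(AFTER_OK)["partitions"]:
        print("slot %d type 0x%02X at byte offset 0x%x"
              % (p["slot"], p["type"], p["byte_offset"]))
```

Keeping the "before" copy also gives a known-good partition table to compare against if the disk stops booting after the repair.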

Re: Please help!

Post by ChantalDaigle on Sat Jan 15, 2011 9:02 am

Followed the steps. My computer has nothing on it. Wiped completely.


Re: Please help!

Post by ChantalDaigle on Sat Jan 15, 2011 9:08 am

I lost everything. I can't even connect to the Internet.


Re: Please help!

Post by Sneakyone on Sun Jan 16, 2011 6:05 am

Hi,

Are you able to boot into Safe Mode?


