
Solved Latest Windows Updates Failing to Install - Malware Suspected

Discussion in 'Malware and Virus Removal Archive' started by oserdavid, 2010/10/18.

  1. 2010/10/18
    oserdavid

    [Resolved] Latest Windows Updates Failing to Install - Malware Suspected

    I was requested to run the DDS tool by Arie over at:

    http://www.windowsbbs.com/windows-v...error-codes-8007371c-800703f9.html#post536085

    ...And to post the resultant two sets of text results here. Many thanks. Here they are... DDS.txt first

    This is DDS.Txt (Attach.txt will be posted in a separate posting).
    DDS (Ver_10-10-10.03) - NTFSx86
    Run by David at 12:02:52.21 on 18/10/2010
    Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1502 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    E:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    E:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\System32\svchost.exe -k LPDService
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\alg.exe
    E:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    E:\Program Files\FireTrust\MailWasher\MailWasherProApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\David\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://www.google.co.uk
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.co.uk
    mDefault_Page_URL = hxxp://www.google.co.uk
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No File
    TB: {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Skype] "e:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [MailDrop] "e:\program files\MailDrop" -background
    uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [<NO NAME>]
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe "
    mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [HWSetup] \HWSetup.exe hwSetUP
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [EvtMgr6] e:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - e:\program files\firetrust\mailwasher\MailWasherPro.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cordle~1.lnk - c:\program files\cordless usb phone\Cordless DUALphone Suite.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube Download - c:\users\david\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\users\david\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: Send image to &Bluetooth Device... - e:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - e:\program files\belkin\bluetooth software\btsendto_ie.htm
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - e:\program files\belkin\bluetooth software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: secunia.com\psi
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs:
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\o0yxt6mx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\david\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\david\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\david\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: e:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: e:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    e:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    e:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);

    ============= SERVICES / DRIVERS ===============

    R0 CplIR;Embedded IR Driver;c:\windows\system32\drivers\CplIR.sys [2007-3-6 14848]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
    R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 12872]
    R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 67656]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-28 304464]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-28 20952]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 27168]
    R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-10-25 16896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9c9207972e6d0;Google Update Service (gupdate1c9c9207972e6d0);c:\program files\google\update\GoogleUpdate.exe [2009-4-30 133104]
    S3 2hotspot controller;2hotspot Miniport;c:\windows\system32\drivers\acontrol.sys [2008-11-14 72456]
    S3 AtiDCM;AtiDCM;c:\program files\ati\cim\bin\atidcmxx.sys [2007-9-20 17280]
    S3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-24 21504]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
    S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2009-12-21 27168]
    S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2008-11-17 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe --> c:\cygwin\bin\cygrunsrv.exe [?]
    S4 TomTomHOMEService;TomTomHOMEService;e:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2010-10-15 11:37:33 -------- d-----w- c:\users\david\appdata\local\ElevatedDiagnostics
    2010-10-15 11:35:59 -------- d-----w- c:\program files\Microsoft ATS
    2010-10-15 10:22:00 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2f7fc413-48bc-4160-98b4-cd6e2dfb2bf8}\mpengine.dll
    2010-10-14 00:50:40 -------- d-----w- c:\users\david\appdata\roaming\ESET
    2010-10-14 00:50:40 -------- d-----w- c:\users\david\appdata\local\ESET
    2010-10-14 00:41:59 -------- d-----w- c:\windows\system32\catroot2(39)
    2010-10-14 00:41:59 -------- d-----w- c:\windows\system32\catroot2
    2010-10-13 23:58:10 -------- d-----w- c:\program files\ESET
    2010-10-13 18:22:45 -------- d-----w- c:\windows\system32\catroot2.bak
    2010-10-13 18:22:45 -------- d-----w- c:\windows\system32\catroot2(50)
    2010-10-13 18:22:45 -------- d-----w- c:\windows\system32\catroot2(40).bak
    2010-10-13 17:42:43 -------- d-----w- c:\windows\CheckSur
    2010-10-13 06:30:57 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 06:30:23 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-13 06:30:22 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-13 06:30:14 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-06 00:28:37 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
    2010-10-06 00:28:37 -------- d-----w- c:\windows\tessdata
    2010-10-06 00:28:35 962560 ------w- c:\windows\tesseract.exe
    2010-10-06 00:28:35 2680320 ------w- c:\windows\system32\ImageEnXLibrary.ocx
    2010-10-06 00:28:21 -------- d-----w- c:\progra~2\Tarma Installer
    2010-10-03 00:37:05 -------- d-----w- c:\users\david\appdata\local\MailDrop
    2010-10-02 15:56:18 -------- d-----w- c:\users\david\appdata\roaming\Dropbox
    2010-10-01 14:37:50 -------- d-----w- c:\users\david\Tracing
    2010-10-01 14:00:42 -------- d-----w- c:\users\david\appdata\roaming\Windows Live Writer
    2010-10-01 14:00:42 -------- d-----w- c:\users\david\appdata\local\Windows Live Writer
    2010-10-01 13:51:55 -------- d-----w- c:\windows\en
    2010-10-01 13:50:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-10-01 13:44:18 15712 ----a-w- c:\program files\common files\windows live\.cache\be4c062e1cb616e08\MeshBetaRemover.exe
    2010-10-01 13:44:15 94040 ----a-w- c:\program files\common files\windows live\.cache\bb0abdde1cb616e07\DSETUP.dll
    2010-10-01 13:44:15 525656 ----a-w- c:\program files\common files\windows live\.cache\bb0abdde1cb616e07\DXSETUP.exe
    2010-10-01 13:44:15 1691480 ----a-w- c:\program files\common files\windows live\.cache\bb0abdde1cb616e07\dsetup32.dll
    2010-10-01 13:44:04 94040 ----a-w- c:\program files\common files\windows live\.cache\b53fbd6e1cb616e06\DSETUP.dll
    2010-10-01 13:44:04 525656 ----a-w- c:\program files\common files\windows live\.cache\b53fbd6e1cb616e06\DXSETUP.exe
    2010-10-01 13:44:04 1691480 ----a-w- c:\program files\common files\windows live\.cache\b53fbd6e1cb616e06\dsetup32.dll
    2010-10-01 13:43:01 -------- d-----w- c:\users\david\appdata\local\Windows Live
    2010-09-29 08:16:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 08:16:15 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-24 08:11:53 -------- d-----w- c:\users\david\appdata\roaming\Magnifier
    2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-21 13:13:50 1564072 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDRES.DLL
    2010-09-21 13:08:38 439168 ----a-w- c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    2010-09-21 13:06:02 853912 ----a-w- c:\program files\common files\microsoft shared\windows live\wlidcli.dll
    2010-09-21 13:06:02 57752 ----a-w- c:\program files\common files\microsoft shared\windows live\msidcrl40.dll
    2010-09-21 13:03:14 193408 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVCM.EXE
    2010-09-21 13:03:14 1710464 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE
    2010-09-20 17:35:39 -------- d-----w- c:\progra~2\Xerox
    2010-09-20 14:14:02 -------- d-----w- c:\windows\addins
    2010-09-20 12:09:35 -------- d-----w- c:\users\david\appdata\local\HP
    2010-09-20 12:03:38 -------- d-----w- c:\users\david\appdata\roaming\HpUpdate
    2010-09-20 12:01:20 -------- d-----w- c:\program files\common files\HP
    2010-09-20 11:59:26 -------- d-----w- c:\program files\HP
    2010-09-19 23:23:53 -------- d-----w- c:\progra~2\WEBREG

    ==================== Find3M ====================

    2010-10-14 15:50:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-07 13:28:28 256 ----a-w- c:\windows\system32\pool.bin
    2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
    1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
    1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
    1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
    1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
    1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
    1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

    ============= FINISH: 12:03:35.87 ===============
     
  2. 2010/10/18
    oserdavid

    Latest Windows (Vista) Updates Failing to Install - Malware Suspected (2)

    And here is Attach.txt following on from my posting immediately above.

    Many many thanks for your help...

    DDS (Ver_10-10-10.03)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume3
    Install Date: 24/07/2008 10:28:09
    System Uptime: 18/10/2010 10:50:30 (2 hours ago)

    Motherboard: TOSHIBA | | ISRAA
    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 36.007 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 142.726 GiB free.
    E: is FIXED (NTFS) - 73 GiB total, 45.799 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1585: 16/10/2010 02:13:12 - Scheduled Checkpoint
    RP1586: 16/10/2010 12:50:55 - Windows Update
    RP1587: 16/10/2010 12:52:48 - Windows Update
    RP1588: 16/10/2010 12:58:39 - Windows Update
    RP1589: 16/10/2010 14:14:02 - Windows Update
    RP1590: 16/10/2010 14:16:16 - Windows Update
    RP1591: 16/10/2010 14:47:55 - Windows Update
    RP1592: 17/10/2010 01:23:58 - Installed MailWasherPro
    RP1593: 17/10/2010 15:06:59 - Windows Update
    RP1594: 17/10/2010 15:55:44 - Windows Update
    RP1595: 17/10/2010 16:33:01 - Windows Update
    RP1596: 17/10/2010 16:47:00 - Windows Update
    RP1597: 17/10/2010 19:38:54 - Windows Update
    RP1599: 18/10/2010 00:22:10 - Windows Update
    RP1600: 18/10/2010 00:30:26 - Windows Update

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    7-Zip 4.65
    7500_7600_7700_Help1
    AAC Decoder
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Agent Ransack Version 1.7.3
    Apple Application Support
    Apple Software Update
    Aspell English Dictionary-0.50-2
    ATI Catalyst Install Manager
    Audacity 1.3.12 (Unicode)
    AutoUpdate
    Belarc Advisor 8.1
    BELKIN Bluetooth Software 6.0.1.4400
    BlackBerry Desktop Software 6.0
    BlackBerry Device Software Updater
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    bpd_scan_Carrier
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Camera Assistant Software for Toshiba
    Carbonite
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Choice Guard
    Citrix XenApp Web Plugin
    Combined Community Codec Pack 2009-09-09
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 4.0.9.322
    Cordless DUALphone Suite
    D3DX10
    Defraggler
    Destinations
    DeviceDiscovery
    DivX Codec
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DocProc
    Dropbox
    DVD Decrypter (Remove Only)
    eReg
    ESET Smart Security
    FastStone Capture 6.5
    Fax
    Foxit PDF Creator
    Foxit PDF Editor
    Foxit PDF IFilter
    Foxit Reader
    Free 3GP Video Converter version 3.2
    Free DVD Video Burner version 2.4
    Free Studio version 4.8
    Free Video to DVD Converter version 1.6
    FreeOCR 3.0
    GIMP 2.6.8
    GNU Aspell 0.50-3
    GoldWave v5.52
    Google Advertising Cookie Opt-out
    Google Gears
    Google Talk Plugin
    Google Update Helper
    GPBaseService2
    GTK+ Runtime 2.14.7 rev a (remove only)
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 14.0
    HP OfficeJet L7300/L7500/7600/7700
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HP_Network_UserGuide
    HPProductAssistant
    InfraRecorder
    Intel Matrix Storage Manager
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    L7700
    LADSPA_plugins-win-0.4.15
    LAME v3.98.2 for Audacity
    Logitech SetPoint 6.0
    MailDrop
    MailWasherPro
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Calculator Plus
    Microsoft Office 2000 SR-1 Standard
    Microsoft Office Converter Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Keyboard
    MKV Splitter
    MozBackup 1.4.10
    Mozilla Firefox (3.6.10)
    Mozilla Thunderbird (3.1.4)
    MPM
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    NSIS WeftQDA
    OCR Software by I.R.I.S. 14.0
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OpenAL
    OpenOffice.org 3.2
    PDFTK Builder 3.5.3
    Picasa 3
    Pidgin
    PixiePack Codec Pack
    Polipo 1.0.4.1
    ProductContext
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Recuva
    Retrospect 7.6
    Scan
    Secunia PSI
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Segoe UI
    Skins
    Skype™ 4.2
    Smart Defrag
    SmartWebPrinting
    SolutionCenter
    SpeedCrunch 0.10
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    Synaptics Pointing Device Driver
    Task Coach 0.78.4
    TBS WMP Plug-in
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    Tor 0.2.1.26
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    Toshiba Online Product Information
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TrayApp
    Tunebite
    Uninstall 1.0.0.1
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Utility Common Driver
    VC80CRTRedist - 8.0.50727.4053
    Vidalia 0.2.9
    Vista Shortcut Manager
    VLC media player 1.1.4
    VST Bridge 1.1
    WebReg
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    winLAME 2009 beta 1
    WordPerfect Office 12

    ==== Event Viewer Messages From Past Week ========

    18/10/2010 11:05:00, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
    18/10/2010 10:54:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
    18/10/2010 10:54:26, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    18/10/2010 10:54:26, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/10/2010 10:50:59, Error: volmgr [46] - Crash dump initialization failed!
    18/10/2010 00:49:23, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800703f9: Security Update for Windows Vista (KB981957).
    18/10/2010 00:49:23, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800703f9: Security Update for Windows Vista (KB2296011).
    18/10/2010 00:49:23, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800703f9: Security Update for Windows Vista (KB2281679).
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB981957~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB981957_client~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB981957_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB981957_client_1~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2296011_client~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2296011_client_2~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2296011_client_1~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2281679~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2281679_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2281679_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2281679_client_1~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB981957~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB981957~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2281679~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    18/10/2010 00:41:33, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2281679~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    18/10/2010 00:41:32, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    18/10/2010 00:40:32, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet Pro L7700 Series with shared resource name HP Officejet Pro L7700 Series. Error 2114. The printer cannot be used by others on the network.
    18/10/2010 00:37:32, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.
    18/10/2010 00:37:31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Update for Windows Vista (KB2345886).
    18/10/2010 00:37:31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Security Update for Windows Vista (KB979687).
    18/10/2010 00:37:31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Security Update for Windows Vista (KB2378111).
    18/10/2010 00:37:31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Security Update for Windows Vista (KB2207566).
    18/10/2010 00:37:31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2360131).
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-811_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-810_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-809_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-806_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-803_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-546_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-545_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-544_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-543_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-542_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-541_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-540_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-539_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-538_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-537_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-536_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-535_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-534_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-533_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-532_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-531_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-530_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-529_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-528_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-527_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-526_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-525_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-524_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-523_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-522_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-521_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-520_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-519_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-518_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-517_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-516_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-515_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-514_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-513_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-512_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-511_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-510_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-509_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-508_neutral_GDR from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-419_neutral_GDR from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-21_neutral_GDR from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-145_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-144_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-143_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-142_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-141_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-140_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-139_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-138_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-137_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-136_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-135_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-134_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-133_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-132_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-131_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-130_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-129_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-128_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-127_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-126_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-125_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-124_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-123_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-122_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-121_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-120_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-119_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-118_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-117_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-116_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-115_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-114_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-113_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-112_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-111_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-110_neutral_PACKAGE from package KB2378111(Security Update) into Absent(Absent) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-109_neutral_PACKAGE from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2378111-108_neutral_GDR from package KB2378111(Security Update) into Staged(Staged) state
    18/10/2010 00:37:05, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2378111 (Security Update) into Install Requested(Install Requested) state
    18/10/2010 00:35:45, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-384_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:45, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-383_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:45, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-317_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB967723 (Security Update) into Installed(Installed) state
    18/10/2010 00:35:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2345886 (Update) into Install Requested(Install Requested) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-99_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-98_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-97_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-96_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-95_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-94_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-93_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-92_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-91_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-90_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-89_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-88_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-87_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-86_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-85_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-84_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-83_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-82_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-81_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-80_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-79_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-78_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-77_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-76_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-7_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-624_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-623_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-622_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-619_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
     

  4. 2010/10/18
    oserdavid

    oserdavid Inactive Thread Starter

    Joined:
    2005/08/16
    Messages:
    216
    Likes Received:
    0
    Here is the final half of Attach.txt

    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-616_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-5_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-408_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-407_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-406_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-405_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-404_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-403_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-402_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-401_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-400_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-4_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-399_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-398_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-397_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-396_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-395_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-394_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-393_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-392_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-391_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-390_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-389_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-388_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-387_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-386_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-385_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-314_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-312_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-310_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-308_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-2_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-101_neutral_PACKAGE from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-100_neutral_PACKAGE from package KB2345886(Update) into Absent(Absent) state
    18/10/2010 00:35:44, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2345886-10_neutral_GDR from package KB2345886(Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-6_neutral_PACKAGE from package KB2207566(Security Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-5_neutral_GDR from package KB2207566(Security Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-32_neutral_PACKAGE from package KB2207566(Security Update) into Absent(Absent) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-31_neutral_PACKAGE from package KB2207566(Security Update) into Absent(Absent) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-30_neutral_PACKAGE from package KB2207566(Security Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-29_neutral_PACKAGE from package KB2207566(Security Update) into Absent(Absent) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-26_neutral_PACKAGE from package KB2207566(Security Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-23_neutral_PACKAGE from package KB2207566(Security Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-15_neutral_PACKAGE from package KB2207566(Security Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2207566-14_neutral_GDR from package KB2207566(Security Update) into Staged(Staged) state
    18/10/2010 00:34:17, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2207566 (Security Update) into Install Requested(Install Requested) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-9_neutral_PACKAGE from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-8_neutral_PACKAGE from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-7_neutral_GDR from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-5_neutral_GDR from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-44_neutral_PACKAGE from package KB979687(Security Update) into Absent(Absent) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-43_neutral_PACKAGE from package KB979687(Security Update) into Absent(Absent) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-42_neutral_PACKAGE from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-41_neutral_PACKAGE from package KB979687(Security Update) into Absent(Absent) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-38_neutral_PACKAGE from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-35_neutral_PACKAGE from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-24_neutral_PACKAGE from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-23_neutral_PACKAGE from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-22_neutral_GDR from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 979687-20_neutral_GDR from package KB979687(Security Update) into Staged(Staged) state
    18/10/2010 00:33:21, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB979687 (Security Update) into Install Requested(Install Requested) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-8_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-6_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-47_neutral_PACKAGE from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-46_neutral_PACKAGE from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-45_neutral_PACKAGE from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-44_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-42_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-40_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-4_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-38_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-36_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-34_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-32_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-30_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-28_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-26_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-24_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-22_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-20_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-2_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-18_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-16_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-14_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-12_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2360131-10_neutral_GDR from package KB2360131(Security Update) into Staged(Staged) state
    18/10/2010 00:32:20, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2360131 (Security Update) into Install Requested(Install Requested) state
    17/10/2010 18:08:18, Error: EventLog [6008] - The previous system shutdown at 17:22:36 on 17/10/2010 was unexpected.
    17/10/2010 16:48:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Hotfix for Windows (KB947821).
    17/10/2010 16:33:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows Vista (KB2345886).
    17/10/2010 16:33:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2207566).
    17/10/2010 16:33:27, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB981957).
    17/10/2010 16:33:27, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB979687).
    17/10/2010 16:33:27, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2296011).
    17/10/2010 16:33:27, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2281679).
    17/10/2010 16:33:27, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2360131).
    17/10/2010 16:14:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv SASDIFSV SASKUTIL spldr Wanarpv6
    17/10/2010 16:14:09, Error: Service Control Manager [7001] - The TCP/IP Print Server service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    17/10/2010 16:14:09, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    17/10/2010 16:13:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    17/10/2010 16:13:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments " " in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    17/10/2010 16:13:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    17/10/2010 16:12:51, Error: EventLog [6008] - The previous system shutdown at 16:06:03 on 17/10/2010 was unexpected.
    17/10/2010 15:57:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows Vista (KB2378111).
    17/10/2010 15:39:00, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.
    17/10/2010 15:39:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: Not enough storage is available to complete this operation.
    17/10/2010 15:38:08, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Foxit PDF Printer with shared resource name Foxit PDF Printer. Error 2114. The printer cannot be used by others on the network.
    16/10/2010 15:14:52, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800703f9: Microsoft Browser Choice Screen Update for EEA Users of Windows Vista (KB976002).
    16/10/2010 15:06:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB976002_client~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 15:06:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB976002_client_2~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 15:06:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB976002_client_1~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 15:06:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB976002_client_0~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 15:06:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_3_for_KB976002~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 15:06:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB976002~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 15:06:18, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB976002~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 15:06:16, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB976002~31bf3856ad364e35~x86~~6.0.1.3 () into Absent(Absent) state
    16/10/2010 14:22:29, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2207566~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    16/10/2010 14:22:29, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2207566_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    16/10/2010 14:22:29, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2207566_client_2~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    16/10/2010 14:22:29, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2207566_client_1~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    16/10/2010 14:22:29, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2207566~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    16/10/2010 14:22:29, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2207566~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state
    16/10/2010 13:02:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930).
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WindowsRemoteManagement from package KB950099(Software Update) into Staging(Staging) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WindowsRemoteManagement from package KB950099(Language Pack) into Staging(Staging) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-zh-TW-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-zh-HK-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-zh-CN-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-tr-TR-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-sv-SE-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ru-RU-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-pt-PT-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-pt-BR-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-pl-PL-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-nl-NL-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-Neutral from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-nb-NO-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ko-KR-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ja-JP-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-it-IT-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-hu-HU-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-he-IL-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-fr-FR-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-fi-FI-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-es-ES-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-en-US-LP from package Windows-Management-Framework-Core-Package-en-US-MiniLP(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-en-US-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-el-GR-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-de-DE-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-da-DK-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-cs-CZ-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Windows-Management-Framework-Core-ar-SA-LP-Toplevel from package KB968930(Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShellISE from package PowerShell ISE_en-US(Language Pack) into Staging(Staging) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShellISE from package KB968931(Software Update) into Staging(Staging) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShell2 from package KB968923(Software Update) into Staging(Staging) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update MicrosoftWindowsPowerShell2 from package KB928439(Language Pack) into Staging(Staging) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-WINRM-WTR-Neutral-PACKAGE from package KB968930(Software Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-WINRM-WTR-Neutral-PACKAGE from package KB968930(Language Pack) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-WTR-Neutral-PACKAGE from package KB968930(Software Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-WTR-Neutral-PACKAGE from package KB968930(Language Pack) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-ISE-WTR-Neutral-PACKAGE from package KB968930(Software Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-PowerShell-ISE-WTR-Neutral-PACKAGE from package KB968930(Language Pack) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_server_neutral_PACKAGE from package KB950099(Software Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_server_neutral_PACKAGE from package KB950099(Language Pack) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_client_neutral_PACKAGE from package KB950099(Software Update) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update KB950099_client_neutral_PACKAGE from package KB950099(Language Pack) into Absent(Absent) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Windows-Management-Framework-Core-Package-en-US-MiniLP (Update) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package PowerShell ISE_en-US (Language Pack) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968931 (Software Update) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Update) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Software Update) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Language Pack) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968923 (Software Update) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950099 (Software Update) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB950099 (Language Pack) into Install Requested(Install Requested) state
    16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB928439 (Language Pack) into Install Requested(Install Requested) state
    16/10/2010 12:59:40, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    16/10/2010 12:57:41, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Security Update for Windows (KB979687).
    16/10/2010 12:47:12, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    16/10/2010 12:35:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    15/10/2010 23:56:19, Error: Microsoft-Windows-PrintSpooler [6161] - The document The enormous mortgage-bond ..., owned by David, failed to print on printer HP Officejet Pro L7700 Series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client computer: \\DAVID-PC. Win32 error code returned by the print processor: 259. No more data is available.
    15/10/2010 13:23:53, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2360131~31bf3856ad364e35~x86~~8.0.1.3 () into Staged(Staged) state
    15/10/2010 13:23:53, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2360131_ie8~31bf3856ad364e35~x86~~8.0.1.3 () into Staged(Staged) state
    15/10/2010 13:23:53, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2360131_ie8_0~31bf3856ad364e35~x86~~8.0.1.3 () into Staged(Staged) state
    15/10/2010 13:23:53, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2360131~31bf3856ad364e35~x86~~8.0.1.3 () into Staged(Staged) state
    15/10/2010 12:17:56, Error: volsnap [20] - The shadow copies of volume E: were aborted because of a failed free space computation.
    15/10/2010 12:17:55, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
    15/10/2010 12:17:52, Error: volsnap [20] - The shadow copies of volume D: were aborted because of a failed free space computation.
    15/10/2010 12:17:51, Error: volsnap [20] - The shadow copies of volume \\?...961-11dd-8cfd-806e6f6e6963} were aborted because of a failed free space computation.
    15/10/2010 01:06:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    15/10/2010 01:06:21, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2010 18:02:56, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
    14/10/2010 17:37:35, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA Navi Support Service service to connect.
    14/10/2010 17:37:35, Error: Service Control Manager [7000] - The TOSHIBA Navi Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/10/2010 15:58:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800703f9: Security Update for Windows Vista (KB979688).
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979688_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979688_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979688_client_1~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979687_client~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979687_client_2~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979687_client_1~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2345886_client~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2345886_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2345886_client_1~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_99_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_8_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_77_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_76_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB979688~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_3_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_25_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_24_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB979688~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_101_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:10, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2345886~31bf3856ad364e35~x86~~6.0.1.1 () into Staged(Staged) state
    14/10/2010 15:49:02, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979688~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    14/10/2010 15:14:41, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Security Update for Windows (KB2378111).
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2378111_client~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2378111_client_2~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2378111_client_1~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_38_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_36_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_149_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_148_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_132_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    14/10/2010 12:24:45, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_118_for_KB2378111~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state

    ==== End Of File ===========================
     
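The failure pattern in the event log above, triaged by an added example that is not part of the original post: it groups the Windows Update failures by error code, decodes each HRESULT, counts servicing errors per KB, and lists service-control errors logged shortly before a failed install. The sample lines are copied from that log; the function names and the 30-minute window are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Excerpt of the DDS event log posted above (lines copied from the thread).
SAMPLE = """\
16/10/2010 13:02:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Windows PowerShell 2.0 and WinRM 2.0 for Windows Vista (KB968930).
16/10/2010 13:02:38, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB968930 (Update) into Install Requested(Install Requested) state
16/10/2010 12:57:41, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007371c: Security Update for Windows (KB979687).
16/10/2010 12:47:12, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
16/10/2010 12:35:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
14/10/2010 15:58:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800703f9: Security Update for Windows Vista (KB979688).
14/10/2010 15:49:11, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979688_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
14/10/2010 15:49:02, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB979688~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
"""

# "<dd/mm/yyyy hh:mm:ss>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
HRESULT_RE = re.compile(r"with error (0x[0-9a-fA-F]{8})")
KB_RE = re.compile(r"KB\d+")
SERVICE_SOURCES = ("Service Control Manager", "Microsoft-Windows-DistributedCOM")


def parse_events(text):
    """Parse DDS-style event lines; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %H:%M:%S")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def decode_hresult(text):
    """Split an HRESULT into failure bit, 11-bit facility and 16-bit code."""
    value = int(text, 16)
    return {
        "failure": bool(value >> 31),
        "facility": (value >> 16) & 0x7FF,  # 7 = Win32 error wrapped in an HRESULT
        "code": value & 0xFFFF,
    }


def summarize(events, window=timedelta(minutes=30)):
    """Group update failures and correlate them with nearby service errors."""
    failures = [e for e in events
                if e["source"].endswith("WindowsUpdateClient") and e["event_id"] == 20]

    by_hresult = defaultdict(list)
    for e in failures:
        code = HRESULT_RE.search(e["message"])
        kbs = KB_RE.findall(e["message"])
        if code and kbs:
            by_hresult[code.group(1).lower()].append(kbs[-1])

    servicing_by_kb = Counter()
    for e in events:
        if e["source"] == "Microsoft-Windows-Servicing":
            for kb in set(KB_RE.findall(e["message"])):
                servicing_by_kb[kb] += 1

    # Service-control / DCOM errors logged up to `window` before a failed install.
    preceding = sorted(
        (e["ts"], e["source"], e["event_id"])
        for e in events
        if e["source"] in SERVICE_SOURCES
        and any(timedelta(0) <= f["ts"] - e["ts"] <= window for f in failures)
    )
    return {
        "by_hresult": dict(by_hresult),
        "servicing_by_kb": dict(servicing_by_kb),
        "preceding_service_errors": preceding,
    }


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE))
    for hresult, kbs in report["by_hresult"].items():
        print(hresult, decode_hresult(hresult), kbs)
    print(report["servicing_by_kb"])
    for ts, source, event_id in report["preceding_service_errors"]:
        print(ts, source, event_id)
```

Both error codes decode to facility 7, so the low 16 bits are ordinary Win32 error numbers that can be looked up directly.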
  5. 2010/10/18
    oserdavid

    Sincerely apologise for the length of the above postings - covered with embarrassment...
     
  6. 2010/10/18
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Well, I did already see malware, so my hunch was right.

    Please wait for a malware expert to attend to your log.
     
  7. 2010/10/18
    oserdavid

    Grrr... Thanks Arie. And here I am being accused by my family for being overcautious with malware etc (ESET, Malwarebytes, Superantispyware - frequent custom scans, even the odd online scan from time to time - plus various security addons in Firefox). Just goes to show, eh?

    What did you spot, by the way? (You don't need to answer if you are busy)

    Thanks again.
    David
     
  8. 2010/10/18
    oserdavid

    Not attempting to 'bump'. Just to report that full scans with fully updated Panda (online scan), and installed Eset Security Suite, Malwarebytes report no problems. Currently conducting a full scan with Superantispyware. I'm not expecting it to find anything either (though will report if it does). Therefore, if I am a victim of malware which first manifested itself less than a week ago with failure to update Vista, it must be very clever malware indeed.

    Doubtless, we will eventually get to the bottom of this. Ho hum...

    Admin: please be patient. As noted above in the announcement: "Do NOT bump your topic! We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump."
     
  9. 2010/10/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ...and from now on do NOT make any changes to your computer, including running any tools other than prescribed by me.
    Thanks :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/10/19
    oserdavid

    Thanks Broni - the situation is as follows. Before your response I already had the paid-for version of Malwarebytes installed and loaded with protection mode on, including blocking potentially malicious web sites. It does report from time to time that it has blocked access to a potentially malicious site - they tend to be (from Whois) located in such places as Korea, China, Holland, etc. Interestingly - they pop up even when I am not using any browser. Before receiving your post, I ran a scan with Malwarebytes (fully updated first) but it found nothing. I've also got a paid-for version of Superantispyware, which I keep in reserve, not loading with Windows. I loaded it, updated it and ran it. It found nothing but 57 tracking cookies. No big deal. I also ran a full scan with my own (fully updated and paid-for) Eset Smart Security. I also ran - as I noted above - a Panda online scan - which found nothing. My question is - do I skip your step 1?

    I will post the last Malwarebytes log here. Maybe you want me to do a fresh download and install of it? In the meantime, here is its latest log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4873

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943

    18/10/2010 18:20:22
    mbam-log-2010-10-18 (18-20-22).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 284622
    Time elapsed: 1 hour(s), 27 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Here also is the last 'Protection' Malwarebytes log - which shows the IP blocks which I find so puzzling:

    00:21:21 David MESSAGE IP Protection stopped
    01:03:58 David MESSAGE Protection started successfully
    01:04:02 David MESSAGE IP Protection started successfully
    10:56:40 David MESSAGE Protection started successfully
    10:56:45 David MESSAGE IP Protection started successfully
    11:27:42 David IP-BLOCK 83.128.49.184
    11:27:42 David IP-BLOCK 83.128.49.184
    11:27:42 David IP-BLOCK 83.128.49.184
    11:46:03 David MESSAGE Scheduled update executed successfully
    11:46:04 David MESSAGE IP Protection stopped
    11:46:06 David MESSAGE Scheduled scan executed successfully
    11:46:09 David MESSAGE Database updated successfully
    11:46:10 David MESSAGE IP Protection started successfully
    12:46:03 David MESSAGE Scheduled update executed successfully
    12:46:04 David MESSAGE IP Protection stopped
    12:46:06 David MESSAGE Scheduled scan executed successfully
    12:46:08 David MESSAGE Database updated successfully
    12:46:09 David MESSAGE IP Protection started successfully
    15:46:03 David MESSAGE Scheduled update executed successfully
    15:46:05 David MESSAGE IP Protection stopped
    15:46:07 David MESSAGE Scheduled scan executed successfully
    15:46:27 David MESSAGE Database updated successfully
    15:46:29 David MESSAGE IP Protection started successfully
    16:36:22 David MESSAGE IP Protection stopped
    16:36:34 David MESSAGE Database updated successfully
    16:36:35 David MESSAGE IP Protection started successfully
    17:46:06 David MESSAGE Scheduled update executed successfully
    17:46:07 David MESSAGE IP Protection stopped
    17:46:09 David MESSAGE Scheduled scan executed successfully
    17:46:32 David MESSAGE Database updated successfully
    17:46:34 David MESSAGE IP Protection started successfully
    18:56:50 David IP-BLOCK 62.45.137.120
    18:56:59 David IP-BLOCK 62.45.137.120
    18:56:59 David IP-BLOCK 62.45.137.120
    18:57:07 David IP-BLOCK 62.45.137.120
    18:57:07 David IP-BLOCK 62.45.137.120
    19:46:03 David MESSAGE Scheduled update executed successfully
    19:46:04 David MESSAGE IP Protection stopped
    19:46:06 David MESSAGE Scheduled scan executed successfully
    19:46:15 David MESSAGE Database updated successfully
    19:46:17 David MESSAGE IP Protection started successfully
    20:27:40 David IP-BLOCK 62.45.202.54
    20:27:40 David IP-BLOCK 62.45.202.54
    20:27:48 David IP-BLOCK 62.45.202.54

    Here is the Gmer.log:

    GMER 1.0.15.15472 - http://www.gmer.net
    Rootkit scan 2010-10-19 07:02:02
    Windows 6.0.6002 Service Pack 2
    Running: dtrrewol.exe; Driver: C:\Users\David\AppData\Local\Temp\pwlcapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x95FB6620]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!KeInsertQueue + 811 870A7E08 4 Bytes [20, 66, FB, 95] {AND [ESI-0x5], AH; XCHG EBP,
    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8F661000, 0x4036D, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8F6AA000, 0x510, 0x40000040]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2544] kernel3 7799A84F 4 Bytes [C2, 04, 00, 00]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73EA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73EFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73EABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73EA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73ED8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73EADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73F2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73ECC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73E9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b
    IAT C:\Windows\Explorer.EXE[384] @ C:\Windows\Explorer.EXE [gdiplus. [73EA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0 0x89 0x24 0x0C 0x4A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0 0xC8 0xE8 0x7D 0x96 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0 0x16 0x50 0xB6 0x66 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00003
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00003 0x89 0x24 0x0C 0x4A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00003 0xC8 0xE8 0x7D 0x96 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3 0x16 0x50 0xB6 0x66 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\ 0x69 0x61 0x6F 0x6F ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\ 0x69 0x61 0x6F 0x6F ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;

    ---- Files - GMER 1.0.15 ----

    File D:\$RECYCLE.BIN\S-1-5-21-1571381933-3166844399-2333848073-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1571381933-3166844399-2333848073-500\de 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1661674311-2815529458-2936180237-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1661674311-2815529458-2936180237-500\de 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1909584832-858829809-948134049-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1909584832-858829809-948134049-500\desk 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-2504357094-947659251-4233815124-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-2504357094-947659251-4233815124-500\des 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-320473091-3327395352-620747680-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-320473091-3327395352-620747680-500\desk 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-3753462501-2946134135-3446067773-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-3753462501-2946134135-3446067773-500\de 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-651549746-3940150078-1581359000-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-651549746-3940150078-1581359000-500\des 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-672597815-3237486728-385770818-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-672597815-3237486728-385770818-500\desk 129 bytes
    File D:\boot.sdi 3170304 bytes
    File D:\sources 0 bytes
    File D:\sources\boot.wim 165213914 bytes
    File D:\System Volume Information\{29aa03db-da9d-11df-88be-001eec04d8 314572800 bytes

    ---- EOF - GMER 1.0.15 ----

    And finally - here is the MBRcheck.txt output:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: TOSHIBA
    BIOS Manufacturer: TOSHIBA
    System Manufacturer: TOSHIBA
    System Product Name: Satellite Pro P200
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 168):

    Processes (total 74):
    0 System Idle Process
    4 System
    632 C:\Windows\System32\smss.exe
    704 csrss.exe
    760 csrss.exe
    768 C:\Windows\System32\wininit.exe
    816 C:\Windows\System32\winlogon.exe
    848 C:\Windows\System32\services.exe
    860 C:\Windows\System32\lsass.exe
    868 C:\Windows\System32\lsm.exe
    1020 C:\Windows\System32\svchost.exe
    1068 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    1116 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1244 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\svchost.exe
    1296 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\audiodg.exe
    1448 C:\Windows\System32\svchost.exe
    1464 C:\Windows\System32\SLsvc.exe
    1556 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\svchost.exe
    1972 C:\Windows\System32\taskeng.exe
    1980 C:\Windows\System32\dwm.exe
    2024 C:\Windows\System32\spoolsv.exe
    352 C:\Windows\System32\svchost.exe
    384 C:\Windows\explorer.exe
    412 C:\Windows\System32\taskeng.exe
    1932 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1952 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    932 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    1880 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    1504 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    1352 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    1356 E:\Program Files\Logitech\SetPointP\SetPoint.exe
    1612 C:\Program Files\ESET\ESET Smart Security\egui.exe
    996 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    1396 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2160 C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    2168 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2384 C:\Program Files\Bonjour\mDNSResponder.exe
    2416 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2520 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    2544 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    2988 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3016 C:\Windows\System32\svchost.exe
    3128 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    3308 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    3348 C:\Windows\System32\svchost.exe
    3428 C:\Windows\System32\svchost.exe
    3460 C:\Windows\System32\svchost.exe
    3480 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3500 C:\Windows\System32\svchost.exe
    3600 C:\Windows\System32\TODDSrv.exe
    3644 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    3992 C:\Windows\System32\svchost.exe
    1648 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2148 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    1900 C:\Windows\System32\SearchIndexer.exe
    428 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3332 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3664 C:\Windows\System32\VSSVC.exe
    2552 C:\Windows\System32\svchost.exe
    4196 C:\Windows\System32\alg.exe
    4984 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    5092 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    5232 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    2960 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    5384 C:\Windows\System32\svchost.exe
    1580 C:\Windows\System32\UI0Detect.exe
    1264 E:\Program Files\Mozilla Firefox\firefox.exe
    5432 E:\Program Files\Mozilla Firefox\plugin-container.exe
    5572 C:\Windows\System32\notepad.exe
    1496 C:\Users\David\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`5dd00000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000012`ebd00000 (NTFS)

    PhysicalDrive1 Model Number: HitachiHTS542516K9SA00, Rev: BBCOC33P
    PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL030M

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!


    Many thanks
    David
     
    Last edited: 2010/10/19
  11. 2010/10/19
    broni

    broni Moderator Malware Analyst

    You're definitely infected. I can see it from DDS and GMER logs.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/10/19
    oserdavid

    oserdavid Inactive Thread Starter

    Broni - here is the Combofix.log file:

    ComboFix 10-10-18.03 - David 19/10/2010 7:47.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1396 [GMT 1:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Images
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    c:\users\David\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
    .

    2010-10-19 06:56 . 2010-10-19 06:56 -------- d-----w- c:\users\David\AppData\Local\temp
    2010-10-19 06:56 . 2010-10-19 06:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-18 15:28 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-10-18 15:27 . 2010-10-18 15:27 -------- d-----w- c:\program files\Panda Security
    2010-10-15 11:37 . 2010-10-15 11:37 -------- d-----w- c:\users\David\AppData\Local\ElevatedDiagnostics
    2010-10-15 11:35 . 2010-10-15 11:36 -------- d-----w- c:\program files\Microsoft ATS
    2010-10-15 10:22 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F7FC413-48BC-4160-98B4-CD6E2DFB2BF8}\mpengine.dll
    2010-10-14 15:51 . 2010-10-14 15:51 -------- d-----w- c:\program files\Common Files\Java
    2010-10-14 15:49 . 2010-10-14 15:49 -------- d-----w- c:\program files\Java
    2010-10-14 00:50 . 2010-10-14 00:50 -------- d-----w- c:\users\David\AppData\Local\ESET
    2010-10-14 00:41 . 2010-10-17 18:47 -------- d-----w- c:\windows\system32\catroot2
    2010-10-13 23:58 . 2010-10-13 23:58 -------- d-----w- c:\program files\ESET
    2010-10-13 17:42 . 2010-10-13 17:42 -------- d-----w- c:\windows\CheckSur
    2010-10-13 17:23 . 2010-10-13 17:24 -------- d-----w- c:\windows\system32\config\systemprofile\{5825e721-9cc1-4515-babc-c71982dd860b}
    2010-10-13 10:32 . 2010-10-13 10:32 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-10-13 06:30 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 06:30 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-13 06:30 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-13 06:30 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-06 00:28 . 2010-10-06 00:28 -------- d-----w- c:\windows\tessdata
    2010-10-06 00:28 . 2009-10-29 03:46 1883136 ------w- c:\windows\system32\QuickPDFAX0717.dll
    2010-10-06 00:28 . 2008-04-27 20:28 962560 ------w- c:\windows\tesseract.exe
    2010-10-06 00:28 . 2007-03-10 09:11 2680320 ------w- c:\windows\system32\ImageEnXLibrary.ocx
    2010-10-06 00:28 . 2010-10-06 00:28 -------- d-----w- c:\programdata\Tarma Installer
    2010-10-03 00:37 . 2010-10-03 00:37 -------- d-----w- c:\users\David\AppData\Local\MailDrop
    2010-10-02 15:56 . 2010-10-15 10:48 -------- d-----w- c:\users\David\AppData\Roaming\Dropbox
    2010-10-01 14:37 . 2010-10-01 14:37 -------- d-----w- c:\users\David\Tracing
    2010-10-01 14:00 . 2010-10-01 14:00 -------- d-----w- c:\users\David\AppData\Local\Windows Live Writer
    2010-10-01 14:00 . 2010-10-01 14:00 -------- d-----w- c:\users\David\AppData\Roaming\Windows Live Writer
    2010-10-01 13:51 . 2010-10-01 13:51 -------- d-----w- c:\windows\en
    2010-10-01 13:50 . 2010-10-01 13:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-10-01 13:44 . 2010-10-01 13:44 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\be4c062e1cb616e08\MeshBetaRemover.exe
    2010-10-01 13:44 . 2010-10-01 13:44 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb0abdde1cb616e07\DSETUP.dll
    2010-10-01 13:44 . 2010-10-01 13:44 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb0abdde1cb616e07\DXSETUP.exe
    2010-10-01 13:44 . 2010-10-01 13:44 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb0abdde1cb616e07\dsetup32.dll
    2010-10-01 13:44 . 2010-10-01 13:44 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\b53fbd6e1cb616e06\DSETUP.dll
    2010-10-01 13:44 . 2010-10-01 13:44 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\b53fbd6e1cb616e06\DXSETUP.exe
    2010-10-01 13:44 . 2010-10-01 13:44 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\b53fbd6e1cb616e06\dsetup32.dll
    2010-10-01 13:43 . 2010-10-14 21:14 -------- d-----w- c:\users\David\AppData\Local\Windows Live
    2010-09-29 08:16 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 08:16 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-27 23:01 . 2010-10-19 06:38 -------- d-----w- c:\users\David\AppData\Roaming\skypePM
    2010-09-27 23:01 . 2010-10-19 06:43 -------- d-----w- c:\users\David\AppData\Roaming\Skype
    2010-09-27 23:00 . 2010-09-27 23:00 -------- d-----w- c:\program files\Common Files\Skype
    2010-09-27 23:00 . 2010-09-27 23:00 -------- d-----w- c:\programdata\Skype
    2010-09-24 08:11 . 2010-09-24 08:11 -------- d-----w- c:\users\David\AppData\Roaming\Magnifier
    2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-21 13:13 . 2010-09-21 13:13 1564072 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
    2010-09-21 13:08 . 2010-09-21 13:08 439168 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    2010-09-21 13:06 . 2010-09-21 13:06 853912 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
    2010-09-21 13:06 . 2010-09-21 13:06 57752 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
    2010-09-21 13:03 . 2010-09-21 13:03 193408 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2010-09-21 13:03 . 2010-09-21 13:03 1710464 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2010-09-20 17:35 . 2010-09-20 17:35 -------- d-----w- c:\programdata\Xerox
    2010-09-20 14:14 . 2010-09-20 14:14 -------- d-----w- c:\windows\addins
    2010-09-20 12:11 . 2010-09-20 22:48 -------- d-----w- c:\users\David\AppData\Roaming\HP
    2010-09-20 12:09 . 2010-09-20 12:09 -------- d-----w- c:\users\David\AppData\Local\HP
    2010-09-20 12:08 . 2010-09-20 12:08 -------- d-----w- c:\programdata\Hewlett-Packard
    2010-09-20 12:03 . 2010-09-20 12:41 -------- d-----w- c:\users\David\AppData\Roaming\HpUpdate
    2010-09-20 12:02 . 2010-09-20 12:02 -------- d-----w- c:\programdata\HP Product Assistant
    2010-09-20 12:01 . 2010-09-20 12:01 -------- d-----w- c:\program files\Common Files\HP
    2010-09-20 11:59 . 2010-10-05 15:22 -------- d-----w- c:\program files\HP
    2010-09-20 11:58 . 2010-09-20 12:11 -------- d-----w- c:\programdata\HP
    2010-09-19 23:23 . 2010-09-19 23:23 -------- d-----w- c:\programdata\WEBREG

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @= "{95A27763-F62A-4114-9072-E81D87DE3B68} "
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @= "{E300CD91-100F-4E67-9AF3-1384A6124015} "
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @= "{5E529433-B50E-4bef-A63B-16A6B71B071A} "
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2008-08-18 08:51 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MailDrop "= "e:\program files\MailDrop -background" [X]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Skype "= "e:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
    "Google Update "= "c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-20 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HWSetup "= "\HWSetup.exe hwSetUP" [X]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "TPwrMain "= "c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
    "topi "= "c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
    "SVPWUTIL "= "c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "QuickTime Task "= "e:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "KeNotify "= "c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "HSON "= "c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "EvtMgr6 "= "e:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
    "egui "= "c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
    "Carbonite Backup "= "c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-08-18 600008]

    c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MailWasherPro.lnk - e:\program files\FireTrust\MailWasher\MailWasherPro.exe [2010-10-15 5145416]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Cordless DUALphone Startup.lnk - c:\program files\Cordless USB Phone\Cordless DUALphone Suite.exe [2008-7-28 625000]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux4 "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk]
    backup=c:\windows\pss\Device Detector 3.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothview

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    realsched.exe -osboot [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    2007-05-22 15:32 538744 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
    2007-04-10 15:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 07:32 421160 ----a-w- e:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-11-13 11:31 247144 ----a-w- e:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
    2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3163960785-4089710465-953466431-1003]
    "EnableNotificationsRef "=dword:00000001

    R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9c9207972e6d0;Google Update Service (gupdate1c9c9207972e6d0);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 133104]
    R3 2hotspot controller;2hotspot Miniport;c:\windows\system32\DRIVERS\acontrol.sys [2008-10-18 72456]
    R3 AtiDCM;AtiDCM;c:\program files\ATI\CIM\Bin\atidcmxx.sys [2007-09-20 17280]
    R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
    R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-12-21 27168]
    R3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
    R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
    R4 TomTomHOMEService;TomTomHOMEService;e:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
    S1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-09-29 67656]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2009-12-21 27168]
    S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-11-03 16896]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PWLCAPOD
    *Deregistered* - pwlcapod

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    rsmsvcs REG_MULTI_SZ ntmssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPService REG_MULTI_SZ HPSLPSVC
    LPDService REG_MULTI_SZ LPDSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
    2009-03-04 16:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 23:15]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-29 23:15]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163960785-4089710465-953466431-1003Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-20 17:58]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3163960785-4089710465-953466431-1003UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-20 17:58]

    2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{4B3E10B0-05DD-42D0-B573-99580A66244C}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.co.uk
    uInternet Settings,ProxyOverride = local;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube Download - c:\users\David\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\users\David\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Send image to &Bluetooth Device... - e:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - e:\program files\Belkin\Bluetooth Software\btsendto_ie.htm
    IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {{0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\Windows Live\Companion\companioncore.dll
    Trusted Zone: secunia.com\psi
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\David\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
    FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: e:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    e:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    e:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    MSConfigStartUp-4oD - c:\program files\Kontiki\KHost.exe
    MSConfigStartUp-Mikogo - c:\users\David\AppData\Roaming\Mikogo\Mikogo-Host.exe
    MSConfigStartUp-NDSTray - NDSTray.exe
    MSConfigStartUp-Toshiba TEMPRO - e:\program files\Toshiba TEMPRO\TemproTray.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3163960785-4089710465-953466431-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*i*c*r*o*s*o*f*t* *S*t*u*f*f* \Mental Stimulation]
    "Order "=hex:08,00,00,00,02,00,00,00,28,08,00,00,01,00,00,00,0d,00,00,00,b6,00,
    00,00,00,00,00,00,a8,00,32,00,cd,00,00,00,00,f3,a6,6f,20,00,42,45,53,54,4f,\

    [HKEY_USERS\S-1-5-21-3163960785-4089710465-953466431-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*i*c*r*o*s*o*f*t* *S*t*u*f*f* \Microsoft Websites]
    "Order "=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-3163960785-4089710465-953466431-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*i*c*r*o*s*o*f*t* *S*t*u*f*f* \Mental Stimulation]
    "Order "=hex:08,00,00,00,02,00,00,00,28,08,00,00,01,00,00,00,0d,00,00,00,b6,00,
    00,00,00,00,00,00,a8,00,32,00,cd,00,00,00,00,63,f1,2c,20,00,42,45,53,54,4f,\

    [HKEY_USERS\S-1-5-21-3163960785-4089710465-953466431-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*i*c*r*o*s*o*f*t* *S*t*u*f*f* \Microsoft Websites]
    "Order "=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

    [HKEY_USERS\S-1-5-21-3163960785-4089710465-953466431-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E718782-054D-E924-4F78-BE2437B92397}*]
    @Allowed: (Read) (RestrictedCode)
    "nafjodgihgkiifiimglilkpeopph "=hex:69,61,6f,6f,61,69,64,6e,6e,61,70,66,64,6e,
    70,64,66,63,00,00
    "maleepaabfbjicmcopimkdfidm "=hex:69,61,6f,6f,61,69,64,6e,6e,61,70,66,64,6e,70,
    64,66,63,00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2010-10-19 08:00:59
    ComboFix-quarantined-files.txt 2010-10-19 07:00

    Pre-Run: 37,369,257,984 bytes free
    Post-Run: 37,280,796,672 bytes free

    - - End Of File - - DB8B5E44AA6ED67F28240677E96BB31E
     
  13. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks better...

    Please delete your GMER file, download a fresh one and post a new log.
     
  14. 2010/10/19
    oserdavid

    oserdavid Inactive Thread Starter

    New Gmer log:
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-20 01:08:34
    Windows 6.0.6002 Service Pack 2
    Running: 755w3q1i.exe; Driver: C:\Users\David\AppData\Local\Temp\pwlcapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8F65E000, 0x4036D, 0xE8000020]
    .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8F6A7000, 0x510, 0x40000040]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2368] kernel32.dll!SetUnhandledExceptionFilter 76F1A84F 4 Bytes [C2, 04, 00, 00]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [732D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7332A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [732DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [732CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [732D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [732CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73308395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [732DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [732CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [732CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [732C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7335CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [732FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [732CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [732C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [732C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[388] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [732D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00003a69edc2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00003a69edc2@0013703dd5ef 0x89 0x24 0x0C 0x4A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00003a69edc2@00237a752376 0xC8 0xE8 0x7D 0x96 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037af01aa2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a502f09
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a502f09@00192d3e2195 0x16 0x50 0xB6 0x66 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00003a69edc2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00003a69edc2@0013703dd5ef 0x89 0x24 0x0C 0x4A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00003a69edc2@00237a752376 0xC8 0xE8 0x7D 0x96 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037af01aa2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a502f09 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a502f09@00192d3e2195 0x16 0x50 0xB6 0x66 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E718782-054D-E924-4F78-BE2437B92397}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E718782-054D-E924-4F78-BE2437B92397}@nafjodgihgkiifiimglilkpeopph 0x69 0x61 0x6F 0x6F ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E718782-054D-E924-4F78-BE2437B92397}@maleepaabfbjicmcopimkdfidm 0x69 0x61 0x6F 0x6F ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;

    ---- Files - GMER 1.0.15 ----

    File D:\$RECYCLE.BIN\S-1-5-21-1571381933-3166844399-2333848073-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1571381933-3166844399-2333848073-500\desktop.ini 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1661674311-2815529458-2936180237-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1661674311-2815529458-2936180237-500\desktop.ini 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1909584832-858829809-948134049-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-1909584832-858829809-948134049-500\desktop.ini 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-2504357094-947659251-4233815124-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-2504357094-947659251-4233815124-500\desktop.ini 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-320473091-3327395352-620747680-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-320473091-3327395352-620747680-500\desktop.ini 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-3753462501-2946134135-3446067773-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-3753462501-2946134135-3446067773-500\desktop.ini 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-651549746-3940150078-1581359000-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-651549746-3940150078-1581359000-500\desktop.ini 129 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-672597815-3237486728-385770818-500 0 bytes
    File D:\$RECYCLE.BIN\S-1-5-21-672597815-3237486728-385770818-500\desktop.ini 129 bytes
    File D:\boot.sdi 3170304 bytes
    File D:\sources 0 bytes
    File D:\sources\boot.wim 165213914 bytes
    File D:\System Volume Information\{57e81b42-db4f-11df-90ab-001eec04d8b1}{3808876b-c176-4e48-b7ae-04046e6cc752} 314572800 bytes

    ---- EOF - GMER 1.0.15 ----
    Many thanks (again!)
     
  15. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

    * Double-click mbr.exe and follow prompts (Vista users: right-click on mbr.exe and click "Run As Administrator").
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Copy and paste contents of that log (mbr.log) file to your next reply.
     
  16. 2010/10/19
    oserdavid

    oserdavid Inactive Thread Starter

    Here is the MBR log...

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ...Is that all!?
     
  17. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Yes. It looks good :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/10/19
    oserdavid

    oserdavid Inactive Thread Starter

    Here's OTL.txt (part 1)

    OTL logfile created on: 20/10/2010 01:42:19 - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\David\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.22 Gb Total Space | 35.28 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
    Drive D: | 149.05 Gb Total Space | 143.54 Gb Free Space | 96.30% Space Free | Partition Type: NTFS
    Drive E: | 73.36 Gb Total Space | 43.26 Gb Free Space | 58.97% Space Free | Partition Type: NTFS

    Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/15 15:02:34 | 004,429,640 | ---- | M] () -- E:\Program Files\FireTrust\MailWasher\MailWasherProApp.exe
    PRC - [2010/10/15 15:02:32 | 005,145,416 | ---- | M] (Firetrust) -- E:\Program Files\FireTrust\MailWasher\MailWasherPro.exe
    PRC - [2010/10/13 01:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/01/29 22:20:26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    PRC - [2010/01/27 12:30:16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    PRC - [2008/08/18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2008/08/18 09:51:22 | 000,600,008 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2008/07/03 13:38:20 | 000,625,000 | ---- | M] (RTX Products A/S) -- C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
    PRC - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/11/06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/13 01:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - File not found [Auto | Stopped] -- E:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
    SRV - File not found [Disabled | Stopped] -- C:\cygwin\bin\cygrunsrv.exe -- (BrlAPI)
    SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/29 22:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/12/08 07:40:00 | 000,128,280 | ---- | M] (EMC Corporation) [Disabled | Stopped] -- E:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe -- (Retrospect Helper)
    SRV - [2008/12/08 07:40:00 | 000,115,992 | ---- | M] (EMC Corporation) [Disabled | Stopped] -- E:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe -- (RetroLauncher)
    SRV - [2008/08/18 09:51:22 | 001,699,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/19 08:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
    SRV - [2007/09/19 11:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2007/03/29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2007/02/27 11:04:02 | 000,441,136 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- E:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Program Files\Comodo\CBOClean\BOCDRIVE.sys -- (BOCDRIVE)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/09/29 10:26:59 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/07/29 13:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/05/28 12:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/02/19 10:26:51 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 10:26:51 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/12/21 15:34:24 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2009/12/21 15:34:04 | 000,027,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
    DRV - [2009/12/21 15:34:04 | 000,027,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
    DRV - [2009/11/10 12:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/11/10 12:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/03/20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/03/02 12:41:49 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/01/15 10:15:26 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) USBCCGP filter driver (dc3d)
    DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/11/03 10:22:04 | 000,016,896 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VirtualAudio.sys -- (wsvad_driver)
    DRV - [2008/10/18 22:24:38 | 000,072,456 | ---- | M] (2hotspot.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acontrol.sys -- (2hotspot controller)
    DRV - [2008/09/15 09:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2008/09/15 09:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/09/15 09:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/09/15 09:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/09/20 23:05:48 | 000,017,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI\CIM\Bin\atidcmxx.sys -- (AtiDCM)
    DRV - [2007/09/20 17:56:22 | 003,077,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/09/05 10:36:26 | 001,953,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
    DRV - [2007/04/16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/03/06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)
    DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2007/02/28 22:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2007/02/25 16:08:40 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007/02/25 16:07:44 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007/02/25 16:06:26 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007/01/24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
    DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
    DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
    DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/07/28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
    DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ "
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
    FF - prefs.js..extensions.enabledItems: simpletimer@grbradt.org:1.9
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.6
    FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: GoogCal@bitdrip.com:0.5
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
    FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.23
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/28 00:14:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/20 13:03:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/10/12 17:32:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/10/14 16:50:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2010/09/20 00:11:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2010/09/16 15:48:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2010/09/20 00:11:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2010/09/16 15:48:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2010/09/20 00:11:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2010/09/16 15:48:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/10/14 13:39:53 | 000,000,000 | ---D | M]

    [2010/09/12 20:34:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
    [2010/09/11 10:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/10/19 16:19:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions
    [2010/09/24 00:56:21 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/10/02 19:02:03 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2010/09/12 00:34:26 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
    [2010/09/11 00:11:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/10/14 16:53:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/10/04 15:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
    [2010/09/11 00:08:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/12 00:35:16 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2010/10/01 13:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/09/12 00:41:25 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/09/11 00:11:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2010/09/19 23:39:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\GoogCal@bitdrip.com
    [2010/09/11 00:32:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\extensions\simpletimer@grbradt.org
    [2010/09/11 00:27:45 | 000,005,551 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\google-maps.xml
    [2010/09/11 00:36:51 | 000,002,027 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\google-translate-any--en.xml
    [2010/09/11 00:35:06 | 000,003,449 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\google-uk.xml
    [2010/09/11 00:33:08 | 000,006,292 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\gutenberg.xml
    [2010/09/11 00:26:52 | 000,001,650 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\longman-english-dictionary.xml
    [2010/09/11 01:03:52 | 000,005,372 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\ripe-query.xml
    [2010/09/11 00:29:15 | 000,001,539 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\thesaurus---referencecom.xml
    [2010/09/11 00:34:36 | 000,001,180 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\urban-dictionary.xml
    [2010/09/11 00:15:00 | 000,000,705 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o0yxt6mx.default\searchplugins\webster.xml

    O1 HOSTS File: ([2010/10/19 07:56:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [EvtMgr6] E:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [HWSetup] File not found
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MailDrop] E:\Program Files\MailDrop [2010/10/03 01:33:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk = E:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - E:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - E:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cf - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -
     
  19. 2010/10/19
    oserdavid

    Here's OTR.Txt (part 2)

    C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - E:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/20 01:37:50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    [2010/10/19 18:18:53 | 000,753,944 | ---- | C] (PortableApps.com) -- C:\Users\David\Desktop\SkypePortable_5.0.0.152_online.paf.exe
    [2010/10/19 18:18:21 | 014,404,616 | ---- | C] (PortableApps.com) -- C:\Users\David\Desktop\Java_Portable_6_Update_22_online.paf.exe
    [2010/10/19 16:25:19 | 000,312,857 | ---- | C] (62NDS Solutions) -- C:\Users\David\Desktop\windizupdate_setup.exe
    [2010/10/19 08:07:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/19 08:06:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/19 08:01:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
    [2010/10/19 07:45:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/19 07:45:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/19 07:45:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/19 07:45:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/19 07:45:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/19 07:44:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/18 16:28:22 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
    [2010/10/18 16:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/10/15 14:00:08 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Updates
    [2010/10/15 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
    [2010/10/15 12:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
    [2010/10/14 16:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/14 16:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/10/14 13:12:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\HPAppData
    [2010/10/14 01:50:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ESET
    [2010/10/14 01:50:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ESET
    [2010/10/14 01:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(39)
    [2010/10/14 01:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2010/10/14 00:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2010/10/14 00:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/13 19:22:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2.bak
    [2010/10/13 19:22:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(50)
    [2010/10/13 19:22:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(40).bak
    [2010/10/13 18:42:43 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2010/10/13 11:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Photo Gallery
    [2010/10/13 11:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2010/10/06 01:28:37 | 001,883,136 | ---- | C] (Debenu Pty Ltd) -- C:\Windows\System32\QuickPDFAX0717.dll
    [2010/10/06 01:28:37 | 000,000,000 | ---D | C] -- C:\Windows\tessdata
    [2010/10/06 01:28:35 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\System32\ImageEnXLibrary.ocx
    [2010/10/06 01:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2010/10/03 01:37:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\MailDrop
    [2010/10/02 16:56:18 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Dropbox
    [2010/10/01 17:50:58 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Desktop Stuff
    [2010/10/01 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Windows Live Writer
    [2010/10/01 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Windows Live Writer
    [2010/10/01 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\My Weblog Posts
    [2010/10/01 14:51:55 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2010/10/01 14:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/10/01 14:43:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Windows Live
    [2010/09/28 00:01:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\skypePM
    [2010/09/28 00:01:05 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Skype
    [2010/09/28 00:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/09/28 00:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2010/09/24 09:11:53 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Magnifier
    [2010/09/20 18:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
    [2010/09/20 18:28:15 | 000,000,000 | R--D | C] -- C:\Users\David\Documents\Scanned Documents
    [2010/09/20 18:28:14 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Fax
    [2010/09/20 15:14:02 | 000,000,000 | ---D | C] -- C:\Windows\addins
    [2010/09/20 13:11:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\HP
    [2010/09/20 13:09:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\HP
    [2010/09/20 13:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
    [2010/09/20 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\HpUpdate
    [2010/09/20 13:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2010/09/20 13:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/09/20 12:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2010/09/20 12:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2010/09/20 00:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
    [2010/09/16 15:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/09/16 15:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/09/15 18:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro
    [2010/09/15 18:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
    [2010/09/13 00:45:48 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\vlc
    [2010/09/10 18:20:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Mozilla
    [2010/08/22 14:50:55 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\U3
    [2010/08/14 16:06:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2010/08/14 00:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2010/08/13 12:10:55 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\enchant
    [2010/08/04 00:44:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/08/03 14:54:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Adobe
    [2010/07/30 00:16:47 | 000,000,000 | ---D | C] -- C:\downloads
    [2010/07/29 13:31:26 | 000,136,632 | ---- | C] (ESET) -- C:\Windows\System32\drivers\eamonm.sys
    [2010/07/29 13:31:26 | 000,134,512 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfw.sys
    [2010/07/29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys
    [2010/07/29 13:31:26 | 000,041,336 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwwfp.sys
    [2010/07/29 13:31:26 | 000,032,608 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys
    [2010/07/28 13:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
    [2010/07/23 13:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Firetrust
    [2010/07/23 13:09:39 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Firetrust
    [2008/09/10 11:54:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\David\AppData\Roaming\pcouffin.sys
    [1998/12/09 03:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
    [1998/12/09 03:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
    [1998/12/09 03:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
    [1998/12/09 03:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
    [1998/12/09 03:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
    [1998/12/09 03:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

    ========== Files - Modified Within 90 Days ==========

    [2010/10/20 01:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/20 01:18:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3163960785-4089710465-953466431-1003UA.job
    [2010/10/20 00:31:34 | 000,294,912 | ---- | M] () -- C:\Users\David\Desktop\755w3q1i.exe
    [2010/10/20 00:07:04 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/20 00:07:04 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/19 18:52:10 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4B3E10B0-05DD-42D0-B573-99580A66244C}.job
    [2010/10/19 16:25:19 | 000,312,857 | ---- | M] (62NDS Solutions) -- C:\Users\David\Desktop\windizupdate_setup.exe
    [2010/10/19 09:45:50 | 000,206,313 | ---- | M] () -- C:\Users\David\Desktop\Thank You.pdf
    [2010/10/19 08:08:09 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2010/10/19 08:07:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/19 08:06:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/19 07:56:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/19 07:43:26 | 003,880,194 | R--- | M] () -- C:\Users\David\Desktop\ComboFix.exe
    [2010/10/19 05:18:00 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3163960785-4089710465-953466431-1003Core.job
    [2010/10/18 17:55:05 | 014,404,616 | ---- | M] (PortableApps.com) -- C:\Users\David\Desktop\Java_Portable_6_Update_22_online.paf.exe
    [2010/10/18 16:40:15 | 000,753,944 | ---- | M] (PortableApps.com) -- C:\Users\David\Desktop\SkypePortable_5.0.0.152_online.paf.exe
    [2010/10/18 15:02:58 | 000,002,584 | ---- | M] () -- C:\Users\David\Documents\cc_20101018_150252.reg
    [2010/10/17 16:56:01 | 000,000,036 | ---- | M] () -- C:\Users\David\AppData\Local\housecall.guid.cache
    [2010/10/17 15:19:13 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/17 15:19:13 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/17 01:24:58 | 000,000,795 | ---- | M] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
    [2010/10/17 01:24:58 | 000,000,775 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\MailWasherPro.lnk
    [2010/10/15 23:58:29 | 000,002,427 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
    [2010/10/14 16:18:37 | 000,003,160 | ---- | M] () -- C:\Users\David\Documents\cc_20101014_161831.reg
    [2010/10/13 01:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    [2010/10/06 13:11:57 | 000,270,210 | ---- | M] () -- C:\Users\David\Desktop\T957 BLO Beresford Road.pdf
    [2010/10/01 15:29:01 | 000,000,286 | ---- | M] () -- C:\Users\David\Documents\cc_20101001_152857.reg
    [2010/10/01 15:28:35 | 000,044,614 | ---- | M] () -- C:\Users\David\Documents\cc_20101001_152831.reg
    [2010/10/01 15:17:00 | 000,001,242 | ---- | M] () -- C:\Users\David\Documents\cc_20101001_151657.reg
    [2010/10/01 15:16:37 | 000,001,242 | ---- | M] () -- C:\Users\David\Documents\cc_20101001_151634.reg
    [2010/10/01 15:16:14 | 000,011,002 | ---- | M] () -- C:\Users\David\Documents\cc_20101001_151609.reg
    [2010/10/01 14:54:54 | 000,451,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/22 00:06:17 | 000,000,386 | ---- | M] () -- C:\Users\David\Documents\cc_20100922_000612.reg
    [2010/09/21 00:23:16 | 000,239,134 | ---- | M] () -- C:\Windows\hpwins05.dat
    [2010/09/20 15:29:58 | 000,022,743 | ---- | M] () -- C:\Windows\hpqins15.dat
    [2010/09/20 15:13:56 | 000,001,074 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [2010/09/20 13:47:59 | 000,001,414 | ---- | M] () -- C:\Users\David\Documents\cc_20100920_134755.reg
    [2010/09/20 13:13:15 | 000,081,737 | ---- | M] () -- C:\Windows\hpqins13.dat
    [2010/09/20 13:09:44 | 000,239,855 | ---- | M] () -- C:\Windows\hpwins05.dat.temp
    [2010/09/20 13:02:01 | 000,001,977 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/09/20 12:35:37 | 000,034,654 | ---- | M] () -- C:\Users\David\Documents\cc_20100920_123533.reg
    [2010/09/20 12:28:00 | 000,000,496 | ---- | M] () -- C:\Users\David\Documents\cc_20100920_122756.reg
    [2010/09/20 12:27:40 | 000,001,010 | ---- | M] () -- C:\Users\David\Documents\cc_20100920_122735.reg
    [2010/09/20 12:27:18 | 000,012,364 | ---- | M] () -- C:\Users\David\Documents\cc_20100920_122712.reg
    [2010/09/17 19:36:05 | 000,000,754 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/09/17 02:08:54 | 000,086,982 | ---- | M] () -- C:\Users\David\Documents\cc_20100917_020843.reg
    [2010/09/13 17:27:21 | 000,003,058 | ---- | M] () -- C:\Windows\wsnk.his
    [2010/09/13 17:27:21 | 000,000,955 | ---- | M] () -- C:\Windows\wsnk.ini
    [2010/09/06 12:07:43 | 000,002,401 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
    [2010/08/19 01:21:05 | 000,476,084 | ---- | M] () -- C:\Users\David\Documents\FastStone Capture.pdf
    [2010/08/18 18:54:12 | 008,282,304 | ---- | M] () -- C:\MARS.zip
    [2010/08/16 16:47:05 | 000,000,509 | ---- | M] () -- C:\Users\David\_viminfo
    [2010/08/11 12:35:24 | 000,002,101 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\BlackBerry Desktop Software.lnk
    [2010/08/08 02:44:49 | 000,011,066 | ---- | M] () -- C:\Users\David\Documents\cc_20100808_024442.reg
    [2010/08/07 14:28:28 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
    [2010/08/01 22:36:52 | 000,080,384 | ---- | M] () -- C:\Users\David\Desktop\MBRCheck.exe
    [2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) -- C:\Windows\System32\drivers\eamonm.sys
    [2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfw.sys
    [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys
    [2010/07/29 13:31:26 | 000,041,336 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwwfp.sys
    [2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwndis.sys
    [2010/07/25 15:56:21 | 000,001,041 | ---- | M] () -- C:\Users\David\AppData\Roaming\vso_ts_preview.xml
    [2010/07/23 13:11:49 | 000,000,090 | ---- | M] () -- C:\Windows\System32\ftm31.dat

    ========== Files Created - No Company Name ==========

    [2010/10/20 01:22:53 | 000,077,312 | ---- | C] () -- C:\Users\David\Desktop\mbr.exe
    [2010/10/20 00:31:34 | 000,294,912 | ---- | C] () -- C:\Users\David\Desktop\755w3q1i.exe
    [2010/10/19 09:45:49 | 000,206,313 | ---- | C] () -- C:\Users\David\Desktop\Thank You.pdf
    [2010/10/19 07:45:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/19 07:45:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/19 07:45:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/19 07:45:48 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/19 07:45:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/19 07:43:16 | 003,880,194 | R--- | C] () -- C:\Users\David\Desktop\ComboFix.exe
    [2010/10/19 00:00:31 | 000,080,384 | ---- | C] () -- C:\Users\David\Desktop\MBRCheck.exe
    [2010/10/18 15:02:56 | 000,002,584 | ---- | C] () -- C:\Users\David\Documents\cc_20101018_150252.reg
    [2010/10/17 16:56:01 | 000,000,036 | ---- | C] () -- C:\Users\David\AppData\Local\housecall.guid.cache
    [2010/10/17 01:24:58 | 000,000,775 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\MailWasherPro.lnk
    [2010/10/16 13:17:52 | 000,001,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/10/16 13:17:52 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cordless DUALphone Startup.lnk
    [2010/10/16 13:17:52 | 000,000,795 | ---- | C] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
    [2010/10/14 16:18:35 | 000,003,160 | ---- | C] () -- C:\Users\David\Documents\cc_20101014_161831.reg
    [2010/10/06 13:12:53 | 000,270,210 | ---- | C] () -- C:\Users\David\Desktop\T957 BLO Beresford Road.pdf
    [2010/10/06 01:28:35 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
    [2010/10/01 15:28:59 | 000,000,286 | ---- | C] () -- C:\Users\David\Documents\cc_20101001_152857.reg
    [2010/10/01 15:28:33 | 000,044,614 | ---- | C] () -- C:\Users\David\Documents\cc_20101001_152831.reg
    [2010/10/01 15:16:59 | 000,001,242 | ---- | C] () -- C:\Users\David\Documents\cc_20101001_151657.reg
    [2010/10/01 15:16:36 | 000,001,242 | ---- | C] () -- C:\Users\David\Documents\cc_20101001_151634.reg
    [2010/10/01 15:16:12 | 000,011,002 | ---- | C] () -- C:\Users\David\Documents\cc_20101001_151609.reg
    [2010/09/22 00:06:15 | 000,000,386 | ---- | C] () -- C:\Users\David\Documents\cc_20100922_000612.reg
    [2010/09/20 15:29:57 | 000,022,743 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/09/20 13:47:57 | 000,001,414 | ---- | C] () -- C:\Users\David\Documents\cc_20100920_134755.reg
    [2010/09/20 13:12:03 | 000,081,737 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2010/09/20 12:58:47 | 000,239,134 | ---- | C] () -- C:\Windows\hpwins05.dat
    [2010/09/20 12:58:47 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
    [2010/09/20 12:35:36 | 000,034,654 | ---- | C] () -- C:\Users\David\Documents\cc_20100920_123533.reg
    [2010/09/20 12:27:58 | 000,000,496 | ---- | C] () -- C:\Users\David\Documents\cc_20100920_122756.reg
    [2010/09/20 12:27:38 | 000,001,010 | ---- | C] () -- C:\Users\David\Documents\cc_20100920_122735.reg
    [2010/09/20 12:27:15 | 000,012,364 | ---- | C] () -- C:\Users\David\Documents\cc_20100920_122712.reg
    [2010/09/18 15:31:53 | 000,239,855 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
    [2010/09/17 19:36:05 | 000,000,754 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/09/17 10:51:14 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
    [2010/09/17 10:23:53 | 000,034,847 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/09/17 02:08:50 | 000,086,982 | ---- | C] () -- C:\Users\David\Documents\cc_20100917_020843.reg
    [2010/09/13 17:23:31 | 000,003,058 | ---- | C] () -- C:\Windows\wsnk.his
    [2010/09/13 17:23:31 | 000,000,955 | ---- | C] () -- C:\Windows\wsnk.ini
    [2010/08/19 01:21:03 | 000,476,084 | ---- | C] () -- C:\Users\David\Documents\FastStone Capture.pdf
    [2010/08/18 18:54:07 | 008,282,304 | ---- | C] () -- C:\MARS.zip
    [2010/08/16 16:46:52 | 000,000,509 | ---- | C] () -- C:\Users\David\_viminfo
    [2010/08/11 12:46:02 | 000,000,847 | ---- | C] () -- C:\Users\David\AppData\Roaming\Rim.Desktop.Exception.log
    [2010/08/11 12:35:34 | 000,001,602 | ---- | C] () -- C:\Users\David\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/08/11 12:35:24 | 000,002,101 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\BlackBerry Desktop Software.lnk
    [2010/08/08 02:44:45 | 000,011,066 | ---- | C] () -- C:\Users\David\Documents\cc_20100808_024442.reg
    [2010/07/23 13:11:49 | 000,000,090 | ---- | C] () -- C:\Windows\System32\ftm31.dat
    [2009/12/22 12:17:01 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
    [2009/12/15 18:35:28 | 000,000,034 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.log
    [2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/24 19:31:36 | 000,037,704 | ---- | C] () -- C:\Users\David\AppData\Roaming\Microsoft Excel.ADR
    [2009/11/06 01:40:14 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
    [2009/08/05 18:04:30 | 000,000,818 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/05/27 23:55:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/03/05 14:49:39 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\rx_image.Cache
    [2009/03/02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2008/09/15 11:15:10 | 000,028,160 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/09/10 11:55:13 | 000,001,041 | ---- | C] () -- C:\Users\David\AppData\Roaming\vso_ts_preview.xml
    [2008/09/10 11:54:17 | 000,007,887 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.cat
    [2008/09/10 11:54:17 | 000,001,144 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.inf
    [2008/07/26 15:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
    [2008/07/26 14:18:24 | 000,061,678 | ---- | C] () -- C:\Users\David\AppData\Roaming\PFP120JPR.{PB
    [2008/07/26 14:18:24 | 000,012,358 | ---- | C] () -- C:\Users\David\AppData\Roaming\PFP120JCM.{PB
    [2008/07/26 12:28:51 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/07/26 12:28:51 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
    [2008/07/26 12:28:46 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
    [2007/10/11 15:06:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2007/10/11 15:05:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/10/11 15:04:04 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
    [2007/10/11 15:04:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
    [2007/10/11 15:04:04 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
    [2007/10/11 15:04:04 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
    [2007/07/04 16:16:57 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
    [2007/04/13 22:43:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
    [2007/04/13 21:20:42 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007/02/25 22:02:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2005/11/23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
    [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/10/10 01:33:26 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.purple
    [2010/09/09 12:17:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Abine
    [2010/06/19 14:41:47 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity
    [2009/10/25 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2009/11/26 16:06:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Blackberry Desktop
    [2009/02/16 16:13:16 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/10/15 11:48:07 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
    [2010/08/04 00:44:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/02/16 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Efficient Diary
    [2010/08/13 12:10:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\enchant
    [2010/10/14 01:50:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ESET
    [2010/09/29 22:05:49 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Firetrust
    [2009/03/25 15:45:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Foxit
    [2010/09/05 01:43:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Foxit Software
    [2010/07/27 00:41:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\gtk-2.0
    [2009/11/29 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HandBrake
    [2008/10/22 17:36:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InfraRecorder
    [2009/06/14 14:05:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IObit
    [2010/05/21 12:14:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IrfanView
    [2010/04/22 15:55:34 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Leadertech
    [2010/09/24 09:11:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Magnifier
    [2010/07/23 13:26:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MailWasherPro
    [2009/07/02 00:13:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mchid
    [2010/09/16 03:55:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MiniDm
    [2010/02/13 16:37:26 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
    [2010/08/11 12:46:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Research In Motion
    [2010/02/25 17:00:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Stellarium
    [2010/01/27 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TaskCoach
    [2010/10/17 12:41:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Thunderbird
    [2008/09/04 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TomTom
    [2008/09/15 01:22:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\toshiba
    [2010/07/25 15:56:21 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Vso
    [2010/10/01 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
    [2010/02/17 11:40:30 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\XnView
    [2010/10/19 08:05:11 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/10/19 18:52:10 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4B3E10B0-05DD-42D0-B573-99580A66244C}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/04/13 12:06:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/10/19 08:01:00 | 000,028,271 | ---- | M] () -- C:\ComboFix.txt
    [2009/10/16 16:01:53 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2008/07/26 15:06:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/18 18:54:12 | 008,282,304 | ---- | M] () -- C:\MARS.zip
    [2008/07/26 15:06:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/19 08:06:27 | 3533,373,440 | -HS- | M] () -- C:\pagefile.sys
    [2007/10/12 02:06:49 | 000,000,706 | -H-- | M] () -- C:\SWSTAMP.TXT

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/05/28 00:08:31 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/08/17 21:27:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4x6.dll
    [2008/07/24 12:09:54 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp58a.dll
    [1998/12/12 01:29:52 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\OLFPNT40.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/05/12 13:33:05 | 000,001,706 | -H-- | M] () -- C:\Users\David\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/07/24 16:36:03 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/04/13 12:06:06 | 006,766,592 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2007/04/13 12:06:04 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2007/04/13 12:06:06 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2007/04/13 12:06:13 | 015,302,656 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2007/04/13 12:06:14 | 005,992,448 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/28 18:10:53 | 000,000,812 | -HS- | M] () -- C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/20 00:31:34 | 000,294,912 | ---- | M] () -- C:\Users\David\Desktop\755w3q1i.exe
    [2010/10/19 07:43:26 | 003,880,194 | R--- | M] () -- C:\Users\David\Desktop\ComboFix.exe
    [2010/10/18 17:55:05 | 014,404,616 | ---- | M] (PortableApps.com) -- C:\Users\David\Desktop\Java_Portable_6_Update_22_online.paf.exe
    [2009/10/21 07:27:21 | 000,077,312 | ---- | M] () -- C:\Users\David\Desktop\mbr.exe
    [2010/08/01 22:36:52 | 000,080,384 | ---- | M] () -- C:\Users\David\Desktop\MBRCheck.exe
    [2010/10/13 01:18:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    [2010/10/18 16:40:15 | 000,753,944 | ---- | M] (PortableApps.com) -- C:\Users\David\Desktop\SkypePortable_5.0.0.152_online.paf.exe
    [2010/10/19 16:25:19 | 000,312,857 | ---- | M] (62NDS Solutions) -- C:\Users\David\Desktop\windizupdate_setup.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [1998/12/09 03:53:54 | 000,099,840 | ---- | M] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
    [1998/12/09 03:53:54 | 000,048,640 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
    [1998/12/09 03:53:54 | 000,070,144 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
    [1998/12/09 03:53:54 | 000,186,368 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
    [1998/12/09 03:53:54 | 000,017,920 | ---- | M] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
    [1998/12/09 03:53:54 | 000,031,744 | ---- | M] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2006/11/02 13:36:17 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/11/18 19:44:53 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/11/18 19:44:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/11/18 19:44:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/11/18 19:44:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/11/18 19:44:22 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/11/18 19:44:23 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/12/10 14:03:33 | 000,000,402 | -HS- | M] () -- C:\Users\David\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/05 16:23:05 | 000,034,847 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1992/03/23 00:00:00 | 000,016,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system\REGLOAD.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2009/08/02 21:31:43 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Computing-IT??) -- C:\Users\David\Favorites\Computing-IT​​
    [2009/08/02 21:31:42 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Media??) -- C:\Users\David\Favorites\Media​​
    [2009/08/02 21:31:41 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Unsorted Bookmarks?) -- C:\Users\David\Favorites\Unsorted Bookmarks​
    [2009/08/02 21:31:41 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Travel and Entertainment??) -- C:\Users\David\Favorites\Travel and Entertainment​​
    [2009/08/02 21:31:40 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Ubuntu Stuff??) -- C:\Users\David\Favorites\Ubuntu Stuff​​
    [2009/08/02 21:31:38 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Finance & Housing??) -- C:\Users\David\Favorites\Finance & Housing​​
    [2009/04/14 17:44:19 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Windows Live??) -- C:\Users\David\Favorites\Windows Live​​
    [2009/04/14 17:44:17 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Personal??) -- C:\Users\David\Favorites\Personal​​
    [2009/04/14 17:44:17 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Mozilla Firefox & Mozilla Information??) -- C:\Users\David\Favorites\Mozilla Firefox & Mozilla Information​​
    [2009/04/14 17:44:16 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Microsoft Stuff??) -- C:\Users\David\Favorites\Microsoft Stuff​​
    [2009/04/14 17:44:15 | 000,000,000 | ---D | M](C:\Users\David\Favorites\General??) -- C:\Users\David\Favorites\General​​
    [2009/04/14 17:44:13 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Climate Change??) -- C:\Users\David\Favorites\Climate Change​​
    [2009/04/14 17:44:12 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Microsoft Websites??) -- C:\Users\David\Favorites\Microsoft Websites​​
    [2009/04/14 17:42:43 | 000,000,000 | ---D | M](C:\Users\David\Favorites\Work?) -- C:\Users\David\Favorites\Work​

    < End of report >
     
  20. 2010/10/19
    oserdavid

    And, finally, here is Extras.txt

    OTL Extras logfile created on: 20/10/2010 01:42:19 - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\David\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.22 Gb Total Space | 35.28 Gb Free Space | 47.54% Space Free | Partition Type: NTFS
    Drive D: | 149.05 Gb Total Space | 143.54 Gb Free Space | 96.30% Space Free | Partition Type: NTFS
    Drive E: | 73.36 Gb Total Space | 43.26 Gb Free Space | 58.97% Space Free | Partition Type: NTFS

    Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with &IrfanView] -- "E:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3163960785-4089710465-953466431-1003]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07C91A14-E401-4B71-AFDB-412C3D414AA1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1C643B07-AA18-490A-8F63-2B1C65507EC6}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{4A5CA29B-A002-45D5-9E7A-FE299DAC68E4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E535C95-FE36-49DA-92C6-32CCF4CC67F2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{529ECA0A-2E9D-45FD-8E1C-D41FAE709469}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{5581218F-337A-4B0B-8CAF-DFD2420E60A7}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{583B55DB-1502-46A6-A226-C33DF851662F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{75B4AD3C-B839-492E-B1F0-6394FD2A0CD3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{75E7E613-18D5-4D52-87B9-9105E8BA55D3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7D7E3079-1B9B-4FBF-8812-FBF698A77CD5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{7F3ED88B-B485-4CFF-AAC4-5DDC0FD823AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{849AB927-3195-4206-A680-75C008FE948D}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
    "{85FD49CA-9AC3-4CD1-BB2A-A4F38D4FDF44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9128D629-FA48-47B8-8669-C5A2E9932835}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{93AE8E9A-BDE9-4CEE-96C2-394D6645B403}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
    "{9954FC40-D422-4300-AD3A-1DB44DE49A35}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{A294E513-1D13-44E2-B32E-DECA2CE41759}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{A79541A8-9424-4F35-A8B5-5F41357789B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{AF07D4D4-647F-419F-8920-4139FF0AA635}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{B350BF3C-7CAA-4652-B3F0-439F23BA187A}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{B558D615-B9BC-4556-A8DC-A7BF1016EB84}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{B57B08A9-E425-4DB0-9952-C9C5CD3FB5EE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C9F02309-EDF3-4611-9211-0F73BF13DCBA}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{CA77E4EC-17D0-4F33-8B45-3333D314B3E8}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{CFFF206D-32E8-4A6F-B58B-9D3B564B0EFA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{D059F3BF-A78C-4F58-A5CE-427CB9190C6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DD3C963F-9689-45C3-8507-15BF91217E5C}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{DEA920C5-C7CA-4FC2-8AB2-DAF155D82C22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EE9DFCD5-781D-431F-9DD6-AB5F18A35266}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F5BD884C-E1E5-4B36-989F-69AFF13B23C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F5D6FE38-0DB7-4BDE-83E6-5906594E0ECA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{F674E57A-C6D2-437C-BB6E-F40CA8ED9043}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06DBCBE5-EF48-4206-B325-A485B13359B7}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{0745D0E0-F1D7-4D7B-8295-4D9F613EBC9D}" = protocol=6 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{07DCEE85-8699-4783-A97C-DA33A5FF0804}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry\redirector.exe |
    "{088798DD-4905-44B3-86C8-EEEE27AD51D8}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{0A675297-C783-4BD5-988F-3F50C8725305}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{0B3AD454-9C3A-48A7-ABCC-0CEF15DC409F}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
    "{0C42CF50-E9E6-4D91-A03F-9C2E0F46A59E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0DE9FD1C-A533-4C03-96E0-AECE61BB9EB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{10FC5502-492F-489C-A508-D4F1B97DAC30}" = protocol=6 | dir=in | app=e:\program files\skype\phone\skype.exe |
    "{114EAC10-5EC8-47C1-889A-AC70E59E3665}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{13541BDE-0FEE-4939-82FB-5350A577F421}" = dir=in | app=g:\portableapps\skype\skype.exe |
    "{16F4B9F8-2FAA-42B4-ADFC-2E37C5DDBAA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{1704303E-7896-4441-96D2-E2B7EB1A6750}" = protocol=17 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{17E31180-852B-4B97-A60B-09B2081142B4}" = protocol=17 | dir=in | app=e:\program files\videolan\vlc\vlc.exe |
    "{1B11FDF5-C798-4989-BF8B-3B76A35787A0}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\7zs9b76.tmp\setup\hpznui01.exe |
    "{1C398EF4-912F-4D24-91C1-53BFF6F1E9D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1DDF35C6-CD46-42FA-91B5-6AE1129B5B7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{1F04E197-5A2F-4AA8-958A-D9872CDA0427}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{1F75ABF9-B003-4A29-8371-1058C69DD449}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{1FC04592-331A-4B4E-9DC6-586C19D4DE3E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry\redirector.exe |
    "{208807EB-338C-493A-99D3-C0339AF26727}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{20B7F79F-C670-497D-ADE8-9B02D86D7EEE}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{214ED5BC-BC70-4DCB-A6A0-55AA472EFE13}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{303A7CA7-D6F8-4EE0-85E5-11B779DFE27C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{303FD411-F75B-4D5E-BC86-AF74F917B469}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{31D24C74-DF49-4F60-8309-CC2D167DE978}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{33C3CCDA-9F45-4828-8891-205C4A1CC23E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{34050503-F13D-42A3-8759-431D7E94BAD6}" = dir=in | app=e:\program files\itunes\itunes.exe |
    "{357B84A9-78D3-486C-8E25-6863FA4E7187}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{3798F39E-A4DB-49B0-A276-398D4677CB13}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry media sync\blackberry music sync.exe |
    "{37E4D037-3979-4B64-A712-EA75BE076138}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{38A9B54F-E9C8-4761-A2C1-3C822FA0CC48}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{3B065C85-6683-41BC-A703-0B8DBBFADE5E}" = protocol=6 | dir=out | app=system |
    "{3BA5E1D6-237D-459A-A609-E790212D466D}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
    "{3DCA32E1-F5A9-474A-8A90-6EB2F025ABB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{40FDA6DD-1A20-4C87-AB3F-4202309736B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{426FA1A9-6A26-4187-A025-7B464F68802E}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{45225953-4E56-40C4-B847-13BCBC3FC753}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry media sync\blackberry music sync.exe |
    "{45A7EF8A-F502-4CF8-9F18-E0ECEF7E6D8F}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{4B31627A-1DD8-4F00-9DC7-A2612CEB32CD}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{4C107677-C023-41C3-A102-FFAA7DDE9E1A}" = protocol=6 | dir=in | app=c:\program files\cordless usb phone\ucpgui.exe |
    "{4C5B7C75-95FD-4310-BCCB-FEF4F11B063A}" = protocol=6 | dir=in | app=e:\program files\spotify\spotify.exe |
    "{4E5A4254-7B22-4F5C-AAC9-F289F9596052}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
    "{53F300E3-699F-4838-8B36-C2F3C70AFA7C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{54049F1A-3D82-442D-B653-E785068B79D6}" = protocol=6 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqthb08.exe |
    "{55E83542-CCE6-472C-BD0F-609DB3257142}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{56577BD5-D6FA-4E00-A7E6-DB20CFCF4B6F}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "{58BAF15E-5E7B-4693-BEBF-A7E29153B561}" = protocol=6 | dir=in | app=e:\program files\bittorrent\bittorrent.exe |
    "{6291DFC7-A0FE-490F-AAEE-69B5C193A784}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{62D65802-8D32-4971-8EFD-685CF3B40C36}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{6376DD6B-D556-4828-AE20-26A2756B9AD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6D28A050-1F4C-4F9C-8EAB-3508D901745F}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{6FFE314A-976E-4FB8-8DF2-4F3B7FB1063F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7265A5B1-898A-44F3-8A15-B36369E477C6}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.dll |
    "{72CA8618-9B99-4161-9E78-CDDB000416E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{74161051-B827-4E3A-BD79-BB6F6CF68628}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7C1BB714-DB74-4E7B-A781-1C1E4BE5971B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{807B329A-E566-436A-A042-0B61148E42C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{80F7E7AA-8496-4480-8F12-F8CD4FF05E05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{847BB391-C839-4F30-9E3E-C9C64731DD1C}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8956BD2C-F756-4424-ADB3-8C2DBF3E22B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{89B6386C-EF12-4E7B-AB9A-2880EB26934F}" = protocol=17 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqthb08.exe |
    "{8A3D92ED-D13B-4C45-A913-A2B2EEDAC62C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{8AF1EE97-EF55-4E98-8071-83DFD281BFE8}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqthb08.exe |
    "{8F6295F5-D742-43EE-9FB4-CFC14FA4D44F}" = protocol=17 | dir=in | app=e:\program files\bittorrent\bittorrent.exe |
    "{92655AC0-1CBA-4BFA-B50D-474506F88392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9644FE13-DFB2-4228-9E3F-6DB5C2D8DF84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9AC0CBB3-3652-4E8F-8139-68CDFF96AC59}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
    "{9D07F003-20FE-484C-8B53-8EFAA6557D61}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A400EFDE-760E-402D-A0D7-30956B649DA3}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe |
    "{A41C05EF-BCE5-40D5-9917-5F9D54821B35}" = protocol=17 | dir=in | app=e:\program files\spotify\spotify.exe |
    "{A8763A9C-8D72-442A-9FAE-76EB292F7372}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{B16E9F12-36B8-422B-9111-CE31DF70CE68}" = protocol=17 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
    "{B7273C70-5EA4-4761-9102-E2C92A345199}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{B7663B41-5C8F-4C41-A29D-25EC23DA7CE9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{B891D780-9D0D-469C-AAEE-7E95DAE65050}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{BD1A7EB7-AFA7-4BD5-A872-2D1221196BC8}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{BD3E0A9A-4F99-4CB0-9888-1630289E3742}" = dir=in | app=g:\portableapps\skype\skype.exe |
    "{BEC8D228-7C42-4729-93DC-5EB88678312A}" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\7zs9b76.tmp\setup\hponicifs01.exe |
    "{BF1C7D7C-E39C-4B14-8544-77A69ABB6D98}" = protocol=6 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{C0256ACF-CB35-47BA-91D2-9B18CDE5F89B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{C03D3476-C445-4544-9933-2543121C1453}" = protocol=17 | dir=in | app=e:\program files\skype\plugin manager\skypepm.exe |
    "{C0DF72E7-12DE-4301-A49A-EED8A6D85024}" = protocol=17 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{C1993178-8FBF-43F4-BFD3-8F480FB67A92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{C66E0A59-0921-4D0E-A490-82E8D74D2748}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{C846EC57-816B-4D63-8B66-8E074AACFF44}" = protocol=6 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
    "{CB29FB26-2BAA-4D81-90D5-6A9D855C1975}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{CC29A79C-BD02-4A1D-A087-0A83F055FF75}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{CDFBCAEC-F370-4DD5-9D5C-8FC6D80D414C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{CFFA901E-2344-48BF-9759-86BB462B0F0C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{D3AC8A45-C474-4EB8-8AFC-321D9411DBAC}" = protocol=6 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{D467412C-AB01-466D-8DDD-7B3B6E23E5E4}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{D4856723-2BA3-4744-A1C6-02CA72B2977F}" = protocol=6 | dir=in | app=e:\program files\skype\plugin manager\skypepm.exe |
    "{D577FD6C-1A88-43A8-8E53-3A509C898E8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D5DB2402-2DF1-40BE-AEFE-061994A232B8}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{D67C62D1-45B0-47EA-9E71-1D544B7792F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{D6EF1A22-C956-4F01-B32A-869F73F0665A}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\7zs9b76.tmp\setup\hponicifs01.exe |
    "{D72AAFA9-EDFE-432F-B904-5839414A7A9C}" = protocol=6 | dir=in | app=e:\program files\videolan\vlc\vlc.exe |
    "{D84C1C18-25DD-4764-BAA5-C285DC2D7137}" = protocol=6 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{DA751A3E-078E-4458-88F7-3257D4FDDFC4}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{E20AA90D-9EBF-4FE5-A74D-24F77AAAD630}" = dir=in | app=c:\users\david\appdata\local\temp\7zs0426\ojprol7x00_full_14\setup\hpznui01.exe |
    "{E94B5C43-52ED-49F1-B6E4-CB4ED3546C3B}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\7zs9b76.tmp\setup\hpznui01.exe |
    "{EB8733CF-B5BC-491D-BAD0-4CD2ED30321B}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
    "{EC776277-6069-41AC-AFA0-E287736FBC39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{F84E9AF1-3190-4950-BBBA-C910A8700558}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FEB64F63-1D41-4ACD-94BA-CE522484861A}" = protocol=17 | dir=in | app=c:\program files\cordless usb phone\ucpgui.exe |
    "{FEBFC314-774E-4A69-A859-9654238B14A0}" = protocol=17 | dir=in | app=c:\program files\hp\digital imaging\bin\hpqthb08.exe |
    "{FFA9B776-C58B-49D2-ACB2-0F8BFF408596}" = protocol=17 | dir=out | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "TCP Query User{08E8C02D-AA4B-4C8F-A768-447E3AD54EBF}E:\program files\firetrust\mailwasher\mailwasherproapp.exe" = protocol=6 | dir=in | app=e:\program files\firetrust\mailwasher\mailwasherproapp.exe |
    "TCP Query User{0E192407-36D3-428D-893A-2FF694C1F6C2}E:\program files\minefield\firefox.exe" = protocol=6 | dir=in | app=e:\program files\minefield\firefox.exe |
    "TCP Query User{1BC62D60-8D56-44AB-AEA2-41E64560FF9B}E:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=e:\program files\real alternative\media player classic\mplayerc.exe |
    "TCP Query User{2378A320-F4FE-444E-ABE2-A2D05937A00D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "TCP Query User{2DBD11B8-8FD7-4A30-8D65-005977B8678C}C:\users\david\desktop\housecall66.exe" = protocol=6 | dir=in | app=c:\users\david\desktop\housecall66.exe |
    "TCP Query User{376B05E8-69E4-4D64-A8F8-4F1929149D02}H:\portableapps\firefoxportable\app\firefox\firefox.exe" = protocol=6 | dir=in | app=h:\portableapps\firefoxportable\app\firefox\firefox.exe |
    "TCP Query User{3BB50FCE-BE55-48C5-954C-AC1B3BDD8AB4}E:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=e:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{3F351D79-120E-4E4B-BA31-18EA4D9F9670}E:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=e:\program files\quicktime\quicktimeplayer.exe |
    "TCP Query User{4D67C0CA-846B-434E-9B93-4CBF7E4DFC39}G:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=g:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "TCP Query User{4F88326E-57BE-46F2-80B5-07CC31A4AA96}E:\program files\firetrust\mailwasher\mailwasherproapp.exe" = protocol=6 | dir=in | app=e:\program files\firetrust\mailwasher\mailwasherproapp.exe |
    "TCP Query User{659B0F67-9CFE-42CB-8B24-B41F3B40F3F2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{66DFBE66-4A0C-4FB9-8C02-BB8A6EB72434}E:\program files\real\realplay.exe" = protocol=6 | dir=in | app=e:\program files\real\realplay.exe |
    "TCP Query User{6C52F021-1943-4B65-9E71-93F4263AE7BA}C:\users\david\desktop\housecall66_001.exe" = protocol=6 | dir=in | app=c:\users\david\desktop\housecall66_001.exe |
    "TCP Query User{7587A1E9-A998-45A3-BBBA-535A4B8B6424}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{95FEA23E-35C9-41CF-A696-A4D4FAF1BF14}E:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=e:\program files\skype\phone\skype.exe |
    "TCP Query User{A0C290EC-AA9C-4A17-AED8-A628441B4DF7}E:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=e:\program files\java\jre6\bin\java.exe |
    "TCP Query User{AA7050CD-EED2-4401-8895-9AF259B572E5}E:\program files\mozilla firefox 3.1 beta 1\firefox.exe" = protocol=6 | dir=in | app=e:\program files\mozilla firefox 3.1 beta 1\firefox.exe |
    "TCP Query User{B33634C4-492D-4DC7-8F09-F62D9ECBBC59}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{C985E221-268B-4FD2-8184-B62137D0624C}E:\program files\k-lite codec pack\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=e:\program files\k-lite codec pack\media player classic\mplayerc.exe |
    "TCP Query User{CA53DB84-E4A9-475F-9198-C9F68EE8A3CA}C:\users\david\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{D1A6FEDA-FFE1-4997-B811-E2303FC48785}I:\portableapps\firefoxportable\app\firefox\firefox.exe" = protocol=6 | dir=in | app=i:\portableapps\firefoxportable\app\firefox\firefox.exe |
    "TCP Query User{D98B9E3E-B261-4ADF-BD96-6DF29507CE15}C:\users\david\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\wzse0.tmp\symnrt.exe |
    "TCP Query User{E0F29F5F-C14C-4CB8-BA81-43B4F62BF22F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{E7140294-9B61-4767-8A56-10AB4F2DE436}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "TCP Query User{F4A9793D-C112-4829-9CFC-D30C08423185}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
    "TCP Query User{F6BB6B06-7A2C-4D46-BFEC-B55DB785C2D8}E:\program files\microsoft office\office\1033\wfxmsrvr.exe" = protocol=6 | dir=in | app=e:\program files\microsoft office\office\1033\wfxmsrvr.exe |
    "TCP Query User{F95261A7-35CE-40EF-BDA4-EFCE273DA404}E:\program files\2hotspot\program\dhcpd.exe" = protocol=6 | dir=in | app=e:\program files\2hotspot\program\dhcpd.exe |
    "TCP Query User{FA368608-917D-49A4-9330-9AFD8C1EF002}E:\program files\shiretoko\firefox.exe" = protocol=6 | dir=in | app=e:\program files\shiretoko\firefox.exe |
    "TCP Query User{FD120E7F-DF40-48EE-B052-59DBEFEEB5F7}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "UDP Query User{21B09492-2D54-4FE8-9B60-3ED29D417BDA}E:\program files\real\realplay.exe" = protocol=17 | dir=in | app=e:\program files\real\realplay.exe |
    "UDP Query User{2432FAD3-8E16-4683-934F-32D0FB4DA24C}E:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=e:\program files\real alternative\media player classic\mplayerc.exe |
    "UDP Query User{3A86821B-AB6F-4F3B-AA78-BD38C3CE33A3}E:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=e:\program files\java\jre6\bin\java.exe |
    "UDP Query User{44AA5147-514F-4377-B98C-E481BF4BB924}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
    "UDP Query User{45CFBA1A-DB6D-4CAF-8B5C-B1DAE3F32F1D}C:\users\david\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{47D4E4F3-691F-45F8-AF77-BA158EE72259}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{51886E5D-D068-4451-A054-8700BBB4B299}E:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=e:\program files\quicktime\quicktimeplayer.exe |
    "UDP Query User{59C96ACA-CB82-4A07-A423-44D59EB62488}E:\program files\k-lite codec pack\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=e:\program files\k-lite codec pack\media player classic\mplayerc.exe |
    "UDP Query User{61D43663-EE26-4D93-876E-EF333E86628B}E:\program files\minefield\firefox.exe" = protocol=17 | dir=in | app=e:\program files\minefield\firefox.exe |
    "UDP Query User{62789BDD-4C14-4B18-96AA-432EAE4C0BB0}E:\program files\shiretoko\firefox.exe" = protocol=17 | dir=in | app=e:\program files\shiretoko\firefox.exe |
    "UDP Query User{6443C1CC-0D01-42ED-B1B8-BF2460E49300}E:\program files\firetrust\mailwasher\mailwasherproapp.exe" = protocol=17 | dir=in | app=e:\program files\firetrust\mailwasher\mailwasherproapp.exe |
    "UDP Query User{6D531221-B053-4675-B71A-E0A078832AE9}E:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=e:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{70B0A686-9FA7-407C-AD69-C31E034BA0C6}E:\program files\2hotspot\program\dhcpd.exe" = protocol=17 | dir=in | app=e:\program files\2hotspot\program\dhcpd.exe |
    "UDP Query User{8169F306-94B9-48A9-9F4F-AF9DAA254AE6}H:\portableapps\firefoxportable\app\firefox\firefox.exe" = protocol=17 | dir=in | app=h:\portableapps\firefoxportable\app\firefox\firefox.exe |
    "UDP Query User{866E66EC-0465-4FB4-A1BA-75F633ED2684}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{992FE6D4-1269-49E9-A947-DB555F5A8230}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "UDP Query User{A414BE82-D23E-4F94-8BD3-20BCB240B147}C:\users\david\desktop\housecall66.exe" = protocol=17 | dir=in | app=c:\users\david\desktop\housecall66.exe |
    "UDP Query User{A9D98E07-B2EA-4DE3-9391-E5BC1C56EFE8}I:\portableapps\firefoxportable\app\firefox\firefox.exe" = protocol=17 | dir=in | app=i:\portableapps\firefoxportable\app\firefox\firefox.exe |
    "UDP Query User{B0D73470-7D32-4AC1-8B85-B4B0E0F9B38D}C:\users\david\desktop\housecall66_001.exe" = protocol=17 | dir=in | app=c:\users\david\desktop\housecall66_001.exe |
    "UDP Query User{B590A99A-7968-49E4-9709-3A5820D46574}E:\program files\microsoft office\office\1033\wfxmsrvr.exe" = protocol=17 | dir=in | app=e:\program files\microsoft office\office\1033\wfxmsrvr.exe |
    "UDP Query User{BB9F2CF1-94F2-44CB-8A6A-DE1448B7803E}E:\program files\mozilla firefox 3.1 beta 1\firefox.exe" = protocol=17 | dir=in | app=e:\program files\mozilla firefox 3.1 beta 1\firefox.exe |
    "UDP Query User{CF6BFE00-959A-453D-9C5D-0F132A68B8CA}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "UDP Query User{D7314224-2506-477A-9979-E8E4A884324A}E:\program files\firetrust\mailwasher\mailwasherproapp.exe" = protocol=17 | dir=in | app=e:\program files\firetrust\mailwasher\mailwasherproapp.exe |
    "UDP Query User{E31BAE48-50B2-46F2-A706-55F71FCFF2F8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{E641FC71-8EDF-41EF-AED2-84138906B642}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{E8537EE2-7270-4E68-9FE0-E7D16CCC5AFB}C:\users\david\appdata\local\temp\wzse0.tmp\symnrt.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\local\temp\wzse0.tmp\symnrt.exe |
    "UDP Query User{F4CE87F6-B47D-41E1-9BA4-B96938C32749}G:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=g:\portableapps\skypeportable\app\skype\phone\skype.exe |
    "UDP Query User{F8B85D85-EE2E-401E-A579-EAC1F469E524}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = BELKIN Bluetooth Software 6.0.1.4400
    "{040D3C87-C028-4213-50C5-7A41C02A84CF}" = CCC Help Dutch
    "{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
    "{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
    "{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0827A30F-B349-4247-C003-1EDEEA3F75A0}" = Catalyst Control Center Localization Finnish
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{0A00AE5F-E08E-787E-48C0-BABE8B1B4C84}" = CCC Help Polish
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CA13800-EF17-741F-08BA-53F26908C8A8}" = ccc-utility
    "{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{14B78489-B0E7-4B36-FFFD-9E6BB1C9B14E}" = Catalyst Control Center Graphics Full New
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1945916C-660A-F916-3EDE-5E31C17D97EB}" = CCC Help Turkish
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2202F1B7-3749-BFCD-6794-18C50307D3CA}" = Catalyst Control Center Graphics Previews Vista
    "{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{25E37249-2688-07EA-A892-C4F53EB86B22}" = CCC Help German
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{298BE1F8-4A40-8BE7-BBD9-4C7171389C16}" = Catalyst Control Center Localization Norwegian
    "{2D0C679F-6D2E-3DB6-7FAF-8092F94B4FDF}" = CCC Help Chinese Standard
    "{2F9C86AE-85C2-B9D4-BF10-59BE20C42914}" = CCC Help Swedish
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
    "{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3932745C-7335-6F80-25DB-2ADCED63B287}" = Catalyst Control Center Localization Russian
    "{3A6396DC-F35E-1083-5DCB-512BBB723D3B}" = Catalyst Control Center Localization Portuguese
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CE3EA90-E186-11B1-17A7-D1C133FBA951}" = CCC Help Russian
    "{3D8E04DE-4944-CC6E-77A9-C83666F93EB8}" = Catalyst Control Center Localization French
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4223EFD6-5466-DE65-D829-1E29626FA757}" = CCC Help Korean
    "{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
    "{4478F10E-BB85-C351-A8DD-2D8E26086ECC}" = Catalyst Control Center Localization Swedish
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E5901EE-4746-88ED-3771-915CCCFB17D2}" = Catalyst Control Center Core Implementation
    "{4EBDDD97-BC33-4F4C-8DF3-4FA4D83DF84E}" = Retrospect 7.6
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51A0008E-46AF-2800-9F82-1726ABDEBD31}" = CCC Help Finnish
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{52A929C7-2489-4F2D-81FD-1E4AEC431E0E}" = L7700
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{61FB1C6D-6200-5659-0C3C-7ABDAC982442}" = ATI Catalyst Install Manager
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{64FDE32B-72F5-445D-939B-8D3CD01CB388}" = ESET Smart Security
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{761A0675-6067-9405-E24F-839F3506D0A6}" = Catalyst Control Center Localization Italian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C4C5272-983F-BDC5-1223-03814D4D393E}" = CCC Help French
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80BBE326-A06D-EB99-C804-DAC994C2CDCE}" = CCC Help English
    "{80D23E2E-09A5-C202-DB22-2363D5DF7880}" = Catalyst Control Center Localization Chinese Standard
    "{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
    "{848F3E88-B442-06C0-B0C5-1DB8F1AEFD0C}" = Catalyst Control Center Graphics Full Existing
    "{84FC6FDC-D076-BCB0-BC67-891A548AB4CA}" = ccc-core-static
    "{85948378-92EB-3B9E-1698-6650A3D2DB91}" = Catalyst Control Center Localization Korean
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{8950A48A-D79E-EA03-2A84-6DADE70931FB}" = CCC Help Thai
    "{89AB9D60-9C0D-21CE-0170-B20C220E5855}" = Catalyst Control Center Localization Thai
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CC28EDD-B675-1273-63D2-1603B4F80544}" = CCC Help Portuguese
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{9164E441-F732-5756-A4FB-99BC67A72ECC}" = CCC Help Spanish
    "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93099B48-E36A-46C9-A03F-C85201D9B1C1}" = Foxit PDF IFilter
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
    "{9725E06F-F21B-7751-F53D-B799EC9CC4D8}" = Catalyst Control Center Localization Hungarian
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B980CB3-A949-350B-C0C3-04BAE888ED16}" = Catalyst Control Center Localization Chinese Traditional
    "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
    "{9C6B0F16-94F6-4F0D-BC97-35474BF4A584}" = Tunebite
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}" = HP OfficeJet L7300/L7500/7600/7700
    "{9D986E6C-E3FA-17C5-11D4-C1B6B65B1284}" = Catalyst Control Center Graphics Light
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B308C894-4CC2-59C9-A5EE-EE22C8862AAB}" = CCC Help Italian
    "{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
    "{B5DBDD11-97A1-BBF4-D2D7-B381A4010F6C}" = Catalyst Control Center Localization Turkish
    "{B6605725-5BDB-9684-EE19-D9ABE687B360}" = CCC Help Chinese Traditional
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE6817F6-6CC1-9934-3DE4-BADA9471BCBD}" = Catalyst Control Center Graphics Previews Common
    "{C29DDB10-D329-163C-F381-5208FA737D9C}" = Catalyst Control Center Localization Polish
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C66ABB8B-82F6-D42D-A930-DEC5C3AAF2AF}" = CCC Help Czech
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{CED167D4-6300-EE0D-8A18-7EADAFBE3AF3}" = CCC Help Greek
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7883A10-E32D-01AC-BA5C-32AB8D949AAC}" = Catalyst Control Center Localization Czech
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB1440A2-8DE5-8ACF-4FD7-4DE42128CF5A}" = Catalyst Control Center Localization German
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE90CBC0-049D-E8E2-DD63-B4E048772F90}" = Catalyst Control Center Localization Dutch
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1346C42-2B96-B06C-5F3B-99BA1DE914A3}" = Catalyst Control Center Localization Japanese
    "{E14C2F99-A741-DD7D-86BA-125232B43B0F}" = CCC Help Japanese
    "{E1DCAA98-90E1-4FBD-A942-28591B20F2D3}" = winLAME 2009 beta 1
    "{E395D708-02FD-4F70-B735-73E234115942}" = MailWasherPro
    "{E4B430AF-1029-ED12-608E-D8EF7981BADC}" = Catalyst Control Center Localization Spanish
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E5D1C4D5-1ECD-E689-FFCF-96D1FE7697FC}" = Skins
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E80B263C-7DAA-4F6B-CC38-F841BCDE9B03}" = CCC Help Danish
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
    "{EE168625-C2DA-89DE-1BC3-961A0449B322}" = Catalyst Control Center Localization Greek
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1CFD809-20E4-33B6-9B17-C0907C6D3DE3}" = CCC Help Hungarian
    "{F3474283-A0BB-72A0-97C0-E4EB5C8C6730}" = CCC Help Norwegian
    "{F63E8666-0F10-11D3-8258-00C04F6843FE}" = Microsoft Visual Keyboard
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FB397904-F751-EC9D-02F9-03EE099B4D64}" = Catalyst Control Center Localization Danish
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.65
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agent Ransack_is1" = Agent Ransack Version 1.7.3
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "Belarc Advisor" = Belarc Advisor 8.1
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "Carbonite Backup" = Carbonite
    "CCleaner" = CCleaner
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "Cordless DUALphone_is1" = Cordless DUALphone Suite
    "Defraggler" = Defraggler
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "FastStone Capture" = FastStone Capture 6.5
    "Foxit PDF Creator" = Foxit PDF Creator
    "Foxit PDF Editor" = Foxit PDF Editor
    "Foxit Reader" = Foxit Reader
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
    "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
    "Free Studio_is1" = Free Studio version 4.8
    "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "GoldWave v5.52" = GoldWave v5.52
    "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPOCR" = OCR Software by I.R.I.S. 14.0
    "InfraRecorder" = InfraRecorder
    "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "IrfanView" = IrfanView (remove only)
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "MailDrop" = MailDrop
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MozBackup" = MozBackup 1.4.10
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
    "OpenAL" = OpenAL
    "PDFTK Builder_is1" = PDFTK Builder 3.5.3
    "Picasa 3" = Picasa 3
    "Pidgin" = Pidgin
    "Recuva" = Recuva
    "Secunia PSI" = Secunia PSI
    "Smart Defrag_is1" = Smart Defrag
    "SP6" = Logitech SetPoint 6.0
    "SpeedCrunch_is1" = SpeedCrunch 0.10
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Task Coach_is1" = Task Coach 0.78.4
    "TomTom HOME" = TomTom HOME 2.7.3.1894
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 1.1.4
    "VST Bridge_is1" = VST Bridge 1.1
    "WeftQDA" = NSIS WeftQDA
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/10/2010 09:22:47 | Computer Name = David-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 16/10/2010 20:25:11 | Computer Name = David-PC | Source = Perflib | ID = 1010
    Description =

    Error - 16/10/2010 20:25:11 | Computer Name = David-PC | Source = Perflib | ID = 1008
    Description =

    Error - 17/10/2010 10:39:49 | Computer Name = David-PC | Source = PerfNet | ID = 2004
    Description =

    Error - 17/10/2010 11:13:13 | Computer Name = David-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 17/10/2010 19:22:10 | Computer Name = David-PC | Source = VSS | ID = 8194
    Description =

    Error - 18/10/2010 05:54:29 | Computer Name = David-PC | Source = Perflib | ID = 1010
    Description =

    Error - 18/10/2010 05:54:30 | Computer Name = David-PC | Source = Perflib | ID = 1008
    Description =

    Error - 18/10/2010 16:43:39 | Computer Name = David-PC | Source = MsiInstaller | ID = 11316
    Description =

    Error - 19/10/2010 19:36:38 | Computer Name = David-PC | Source = Perflib | ID = 1010
    Description =

    [ System Events ]
    Error - 19/10/2010 14:57:23 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 14:57:53 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 14:58:23 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 14:59:15 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 14:59:45 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 15:01:48 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 15:02:18 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 15:02:48 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 20:43:08 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 19/10/2010 20:43:38 | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
    Description =


    < End of report >

    Can't thank you enough Broni (even if it's not yet fixed!!)
     
  21. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\cygwin\bin\cygrunsrv.exe -- (BrlAPI)
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      O4 - HKLM..\Run: [HWSetup] File not found
      O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\cf - No CLSID value found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1998/12/09 03:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
      [1998/12/09 03:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
      [1998/12/09 03:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
      [1998/12/09 03:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
      [1998/12/09 03:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
      [1998/12/09 03:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click the Start Scanner button.
    • Click the Start scan button.
    • Allow the browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
