InterviewSolution
1. Solve: plugplay svchost.exe constant 50-90% CPU usage?
Answer» It stopped at 68%, and I got an error message, with this explanation: Should I uninstall it and try again?

Yes please do.

Okay, it took a while, but it's finally DONE. It detected 0 malware. When it was finished scanning it never gave me an option for a log. It just gave me an ad for their software.

With a 64bit OS we can't use our normal tools so we have to rely more on the scanners to tell us what's still wrong rather than finding it ourselves which is more thorough. I do still have a few tricks if needed. How is the computer doing now?

Much better. Svchost (DcomLaunch) is still using around 60% CPU, but that's better than the 80%-100% it was before. I still have no audio even though it says the audio drivers were installed successfully. At the bottom right, next to the clock, it says no audio output device installed. When the svchost problem first occurred I had no sound even though an audio output device was installed. I read that uninstalling and installing the audio device would fix my problem. No luck as of yet. I ran a Malwarebytes full scan last night and here's the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3251
Windows 6.0.6002 Service Pack 2
12/2/2009 8:37:32 AM
mbam-log-2009-12-02 (08-37-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 331148
Time elapsed: 8 hour(s), 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> No action taken.

I have removed these 3 trojans.

Download OTL to your desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy and paste the contents of these files, one at a time, into your next reply.

Note: You may need two or more posts to fit them all in.
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 07:34:14 | 00,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab) DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell) DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.) DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems) DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.) 
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0209&m=dx4200-09 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.richarddawkins.net/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "web-radio Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT168755&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "web-radio Customized Web Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://richarddawkins.net/forum/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: [emailprotected]:1.1 FF - prefs.js..extensions.enabledItems: {1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}:0.9.2 FF - prefs.js..extensions.enabledItems: {f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}:1.5.1 FF - prefs.js..extensions.enabledItems: [emailprotected]:2.1 FF
- prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 FF - prefs.js..extensions.enabledItems: *Blocked Russian URL*:9.0.0.736 FF - prefs.js..extensions.enabledItems: {86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.2 FF - prefs.js..extensions.enabledItems: [emailprotected]:3.5 FF - prefs.js..extensions.enabledItems: [emailprotected]:2.1 FF - prefs.js..extensions.enabledItems: [emailprotected]:3.8 FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/29 14:04:59 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/29 14:04:57 | 00,000,000 | ---D | M] [2009/03/19 15:33:00 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions [2009/12/01 17:25:33 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions [2009/08/29 11:13:15 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d} [2009/10/31 20:55:07 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2009/11/15 11:22:59 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} [2009/08/29 11:16:31 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2009/10/28 19:08:01 | 00,000,000 | ---D | M] -- 
C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/10/08 22:09:21 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/06/02 20:25:56 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0} [2009/10/08 22:23:52 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/06/26 19:24:35 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/11/08 12:11:48 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/09/23 13:22:15 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/09/28 20:29:03 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\fugfpru6.default\extensions\[emailprotected] [2009/03/18 10:04:06 | 00,000,878 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\FireFox\Profiles\fugfpru6.default\searchplugins\conduit.xml [2009/11/28 15:47:49 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/10/10 13:24:59 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{86009AEF-9162-4EBC-B698-FF71D7B6B049} [2009/11/06 08:58:25 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla *Blocked Russian URL* [2008/06/18 00:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) 
-- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll [2009/05/01 20:47:11 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll [2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. 
- C:\Windows\SysNative\klogon.dll File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{53084f0e-13bf-11de-86fc-0022684911df}\Shell - "" = AutoRun O33 - MountPoints2\{53084f0e-13bf-11de-86fc-0022684911df}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/02 09:31:57 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe [2009/12/02 09:10:08 | 00,000,000 | ---D | C] -- C:\Windows\LastGood [2009/12/01 11:54:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2009/12/01 11:34:46 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009/11/30 16:17:56 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek [2009/11/29 21:58:25 | 02,714,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2009/11/29 21:58:23 | 00,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2009/11/29 21:58:23 | 00,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2009/11/29 21:58:22 | 00,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2009/11/29 21:58:22 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2009/11/29 21:58:22 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2009/11/29 21:58:22 | 00,198,656 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEED64A.dll [2009/11/29 21:58:22 | 00,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2009/11/29 21:58:22 | 00,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2009/11/29 21:58:21 | 02,191,872 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2009/11/29 21:58:19 | 00,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2009/11/29 21:58:19 | 00,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2009/11/29 21:58:17 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2009/11/29 19:14:28 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2009/11/29 19:08:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2009/11/29 19:08:33 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2009/11/29 18:26:12 | 01,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe [2009/11/29 18:26:12 | 01,364,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd64.exe [2009/11/29 18:26:12 | 01,261,056 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2009/11/29 18:26:12 | 00,765,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2009/11/29 18:26:12 | 00,598,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2009/11/29 18:26:12 | 00,368,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2009/11/29 18:26:11 | 06,296,064 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe [2009/11/29 18:26:11 | 00,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2009/11/29 18:26:11 | 00,160,768 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll [2009/11/29 18:26:11 | 00,040,960 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RCoInst64.dll [2009/11/29 18:24:37 | 00,000,000 | ---D | C] -- C:\Users\Jessica\Desktop\AUDIO_Realtek_ALC888S_Vx64 [2009/11/28 13:37:54 | 00,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes [2009/11/28 13:37:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009/11/28 13:37:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009/11/28 13:37:20 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2009/11/28 13:37:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009/11/28 13:11:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2009/11/28 10:53:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2009/11/28 01:14:34 | 06,216,032 | ---- | C] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe [2009/11/27 23:58:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2009/11/25 05:59:08 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2009/11/25 05:59:07 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2009/11/24 05:08:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable DEVICES [2009/11/24 05:08:12 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2009/11/24 05:08:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2009/11/24 04:34:51 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2009/11/24 04:34:51 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2009/11/24 04:34:51 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv [2009/11/24 04:34:31 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2009/11/24 04:34:16 | 01,548,800 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3d10warp.dll [2009/11/24 04:34:16 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2009/11/24 04:34:16 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2009/11/24 04:34:13 | 00,981,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2009/11/24 04:34:13 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2009/11/24 04:34:13 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll [2009/11/24 04:34:12 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll [2009/11/24 04:34:12 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2009/11/24 04:34:11 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2009/11/24 04:34:11 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2009/11/24 04:34:11 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2009/11/24 04:34:11 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2009/11/24 04:34:11 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2009/11/24 04:34:10 | 00,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2009/11/24 04:34:10 | 00,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll [2009/11/24 04:34:10 | 00,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiag.exe [2009/11/24 04:34:10 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll [2009/11/24 04:34:10 | 00,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxdiagn.dll [2009/11/24 04:34:10 | 00,252,928 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\dxdiag.exe [2009/11/24 04:34:10 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiagn.dll [2009/11/24 04:34:09 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2009/11/24 04:34:09 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10level9.dll [2009/11/24 04:34:09 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxgi.dll [2009/11/24 04:34:09 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2009/11/24 04:34:09 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10core.dll [2009/11/24 04:34:08 | 00,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2009/11/24 04:34:08 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2009/11/24 04:34:08 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2009/11/24 04:34:08 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2009/11/24 04:34:08 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2009/11/24 04:34:07 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2009/11/24 04:34:07 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2009/11/24 04:34:07 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2009/11/24 04:34:06 | 03,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2009/11/24 04:34:06 | 01,548,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2009/11/24 04:34:06 | 01,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2009/11/24 04:34:06 | 01,142,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll [2009/11/24 
========== Purity Check ==========
========== Alternate Data STREAMS ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:0E799D7F
< End of report >

Okay, let me update you briefly. Svchost.exe isn't taking a significant amount of processing power any more. My computer is running much better as far as speed is concerned. My only remaining problem is having no sound. I never thought it would be a virus though. I thought having Kaspersky on its highest setting would stop any viruses. A little naive of me, I admit. During this little problem, I've been scouring the web for advice or a solution. I've read that Vista and anti-malware programs don't get along very well. Has this problem been fixed in Windows 7?

Quote
During this little problem, I've been scouring the web for advice or a solution. I've read that Vista and anti-malware programs don't get along very well. Has this problem been fixed in Windows 7?

I've run both Vista and now Windows 7 64bit and not had a problem with any anti-malware program and I've tested a bunch of them... I don't see anything in the logs. I suggest starting a topic in the Microsoft Windows forum for some suggestions on the sound driver. You have already tried everything I can think of.

Alright, well let me thank you then. Thank you!!! My comp is running like it first did when we purchased it. evilfantasy for prez!!

You're welcome. Safe surfing... Here are a few more suggestions to help you tighten up your security. Use the Secunia Software Inspector to check for out of date software.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. |
|