WiredWX Hobby Weather ToolsLog in

 


descriptionno connectivity Emptyno connectivity

more_horiz
Greetings from the UK. I have my colleagues HP laptop beside me. Runs Vista home premium. Microsoft Office Pro 2007. Internet via latest IE. Currently cannot access anything. Get a message from MS Windows saying eg. IE has stopped working. No access to outlook or internet.

Your comments would be most welcome.
regards, Cantrad.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello, logs as requested:

OTL Extras logfile created on: 24/09/2010 00:06:25 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 152.59 Gb Free Space | 68.85% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.85 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 30.22 Mb Total Space | 7.33 Mb Free Space | 24.27% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-PC
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3475719832-1917399278-732260719-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DCFDB68-A02D-4564-974F-F8ABAEC559D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{1E999BF0-2E5E-4EB3-AA03-6CD1CE92078A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{22D372D6-5C40-48CD-947D-C862406D0589}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BA64286-C3B7-4FC4-9753-55F4121C8FCF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D7505CA-A808-4733-8EF5-9F1DB1EF6868}" = lport=137 | protocol=17 | dir=in | app=system |
"{3F606DC1-5878-4070-BFF3-E3F2EF100C28}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47A294A7-02B2-4775-AAA1-7AD22F41229F}" = rport=137 | protocol=17 | dir=out | app=system |
"{54068A98-7148-43DF-9BAE-1061556CE77D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{66A69D7D-F8A7-4035-BF44-9B4341B97F15}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AF6A7D5-0115-4284-A7F8-25EB482758FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6C0D880D-B45D-432B-98C9-CA716135AD5E}" = rport=445 | protocol=6 | dir=out | app=system |
"{6ED2517D-A272-4B19-98DF-D3E61DD1034C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{740EC741-CC38-4F8D-AF23-BACDDDE4D107}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{75438BB6-52C4-4AE2-BF3A-E3179CE666ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B24FC780-AD64-4710-ABF4-F621EA7C058B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8D414CB-2656-40B9-8789-01ADC68B76E8}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA698A1D-5C36-4D0E-9336-C14B114EFF68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB60678E-92CF-4EBB-9A07-BEB72699148D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C2508703-35DB-46AA-8D86-FA48D41581C1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C35A12BF-D33F-49DB-B8F9-8E286C0D33E0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D2CA2732-927F-4EE6-AFB9-38D8E4E398E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECEB5059-56BC-4166-9072-AC5920638C81}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F8ADE1-1B5C-4A9F-BCEA-31C815C481F7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{05F6A98F-747C-465A-A433-A75A4E5DBE9F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{0B4FC57D-1B15-46F2-8985-929B25B2703F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{0F18DF9D-3FD3-4A2A-8844-28FA767AA1C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{174E1AE4-4E14-462B-9C1B-09C79BF36E3C}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1D7B5B85-E700-4850-9FA9-506C30F41EDE}" = protocol=6 | dir=in | app=c:\program files\citrix\secure access client\nsload.exe |
"{1E4FB8FB-56C6-4BA4-B275-A9C71766C09A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1FFC2F25-2AFF-440E-A6EA-250CFE8E008B}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{22E7329A-C789-43B4-BBA6-4B471F3FF6F8}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{25BA9851-04A4-422C-ABC8-A4224CA8DCE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2659905A-C140-4EC2-AEB0-51169605144A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{29E0C9E1-6A3E-4E97-BCC4-DE9E1E97F199}" = protocol=17 | dir=in | app=c:\program files\citrix\secure access client\nsload.exe |
"{2FE866AC-B12A-4A33-A664-D2A76E6D933B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{421F7872-BD8B-4298-B354-28D7E5BC4530}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{432C9C1C-5D07-4D62-A65C-1589C8F8F08E}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{47A8B80E-55F4-4CFB-8639-9C48AA9449F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{53AF0FAD-B2D9-40BB-BF36-6325CDD405F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{6012029D-BDA6-469B-A2B7-61CF71850712}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{60BB8229-C90A-46DC-984C-B944F8771E47}" = protocol=17 | dir=in | app=c:\program files\nectar search toolbar\toolbarupdate.exe |
"{657BE451-EF78-4BE6-9B4D-494D35967E22}" = protocol=17 | dir=in | app=c:\program files\nectar search toolbar\troubleshooter.exe |
"{6A9F291D-7C76-4EC1-8B0D-0037B205368C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{6CED4741-8CE1-4BB8-8BD8-E0F8CAA25692}" = protocol=17 | dir=in | app=c:\programdata\b757927\msb757_302.exe |
"{7439F8DA-02F1-4862-814E-92F59C728012}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7568D671-9975-4139-899C-F80CC433CA34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{78EF37D4-8F2C-44F1-BF3C-1E2666222CDA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{7D5F2EA3-9B58-466A-9A38-0844147B0CA0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{83C45FC5-31A9-4664-8D69-03306CBD19B5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{8A567F5F-6DD8-468A-8307-2271DFFA367A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{925B4E3D-74D2-4EF6-AF2F-43F81F332FA5}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{970847AF-A0FA-4B90-A8BD-EEA1DF44EE1F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{995E3FA9-6952-47BD-8060-B8BDCDB2DBFF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{9E344DCF-6118-4C5C-91FD-0B349B5C0566}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{A09EBDED-8893-49BD-82AC-5694A2091049}" = protocol=6 | dir=in | app=c:\program files\nectar search toolbar\toolbarupdate.exe |
"{A3211FD7-1D60-4C17-841A-2CF8FC08682C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A837E2CD-66AC-40D1-B61D-9920BB9AA4EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3186281-447D-41FB-8275-22B6F1CFA515}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{B466784D-745E-463C-BE60-333FB1226ABF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{B74CA45D-6205-459B-8AA9-723DAFB106BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD645EB2-D7C8-42F8-990E-75D5FDD338D4}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{C44E9790-D65B-4D3B-AED3-E971D049D361}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C4890982-7C3C-4C83-8956-6A1DCC87FD8D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{CCBE78A8-272F-4671-823F-F78CAAFEA3DF}" = protocol=6 | dir=in | app=c:\programdata\b757927\msb757_302.exe |
"{CCD672CD-B4B7-4645-AF57-F0C05363290F}" = dir=in | app=e:\setup\hpznui01.exe |
"{CEC723E4-B965-451A-BC8C-BC27022240BA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{DA4DC15A-BD1B-42AC-B474-9452D6E1A765}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{DBE2E425-ED87-4CBE-B4C5-A295EF1FA8F2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{DD9E5425-785A-47AF-A836-43055C4C4CFC}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{E4462535-6401-4C09-BC4A-6370833FB3CC}" = protocol=6 | dir=in | app=c:\program files\nectar search toolbar\troubleshooter.exe |
"{E61D07C3-432E-451A-A08B-85C3D7668492}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{EDEEC53F-87EA-48EF-96EE-400A481DEBF6}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F18C57AD-9E8B-420F-9E52-90A6CED18319}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{F4E050FC-32FA-47D8-9CF8-BDDC8D8091EF}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{F734B7F0-7CF7-46AE-9FD9-FE30933D259F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{FA541D33-126C-42AE-86D2-883CE00C5206}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"TCP Query User{7D772CA8-DA97-452C-A632-C2D188BDB96F}C:\program files\citrix\secure access client\nsload.exe" = protocol=6 | dir=in | app=c:\program files\citrix\secure access client\nsload.exe |
"UDP Query User{7881FDCB-862D-41F1-B4FD-00BB30B33605}C:\program files\citrix\secure access client\nsload.exe" = protocol=17 | dir=in | app=c:\program files\citrix\secure access client\nsload.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002471C5-6F62-D6CD-D6E5-A0F20F079B8B}" = Catalyst Control Center Localization Polish
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03819281-0870-65EE-24B0-A7DEDE9F796A}" = Catalyst Control Center Localization Chinese Traditional
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04F66470-CEA7-BF9A-1885-8E1A3474825A}" = CCC Help Danish
"{08062F2F-926A-D7EC-57E9-AB97AA0D7FDA}" = CCC Help Finnish
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0CAB8CDF-232E-F28F-A017-B388F41FACCB}" = CCC Help Portuguese
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{150FE68F-EE0C-4867-150A-D74FECBB8448}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2680244D-0FBA-4856-EBE3-9D67E61EB46F}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2BDFE775-48C0-3E1C-895C-DACC33CC52F0}" = Catalyst Control Center Localization Greek
"{2DAD2930-DFC1-AD0F-E63D-B3E95451CD68}" = CCC Help Greek
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F59397E-50B1-3CA6-2F8C-03773D40BE3B}" = Catalyst Control Center Graphics Full New
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{35CC44E6-5916-89DC-16B6-7ADE609211CE}" = Catalyst Control Center Localization Finnish
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A9C19FE-D61C-50DA-6FAF-7FB941B538A0}" = Catalyst Control Center Localization French
"{3BAB23A6-5272-F52D-1AF0-29419F1362B4}" = Catalyst Control Center Localization Italian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{445F6483-40DC-61B5-849D-35274D96DBA3}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A239818-F5F7-7AE8-9FD3-08F435ED88D0}" = Skins
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C17CE6E-4838-819F-01BE-7EEE6181914A}" = Catalyst Control Center Localization Norwegian
"{4C4EA31F-AE29-2517-5E92-3EFB1FD7B896}" = CCC Help Hungarian
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{527CF1CA-D98B-504D-833B-69DA9A8A5AD6}" = CCC Help Czech
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5B99A0A7-0B21-2CD6-474D-8D67177BD4D6}" = Catalyst Control Center Localization Dutch
"{5CFE0191-1ECE-7BD5-8AEF-069ED59A01BB}" = Catalyst Control Center Localization Korean
"{6244BAF3-F26D-A695-1EF6-D9A3C0A6DAA1}" = Catalyst Control Center Graphics Previews Common
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6570A194-A52D-9F23-EA48-90D7C6F20BE9}" = Catalyst Control Center Localization Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{666F0B45-78DA-FAA3-AB14-43CAEEA3D475}" = Catalyst Control Center Localization Russian
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66B6555E-07BF-3FCB-191F-BCD75650F1F2}" = CCC Help Italian
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{67F6A6BA-E225-4BF5-8E7C-BB4AE25EDCBC}" = Catalyst Control Center InstallProxy
"{69E1907C-E9EA-7A5A-79ED-47FF2B5BFDFB}" = Catalyst Control Center Localization Danish
"{6D3BA0EF-904C-4D14-A9E5-63A86CE18F9B}" = Assureweb New Business
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{75D0438A-55FB-DD38-0745-5D370179CAC7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793C0C7E-7977-C9B5-B427-FDF95F2D1636}" = Catalyst Control Center Localization Hungarian
"{7CA1269D-86E6-91A8-DD66-9CF6838821BF}" = Catalyst Control Center Localization Portuguese
"{812C53D9-39EC-0511-04E4-5430A4747FB5}" = CCC Help German
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{958A793F-F1D2-4A90-B6A5-C52E2D74E8FE}" = AzureBay Screen Saver 3.4
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1940302-F0F9-132F-C521-A5D0E24FAC1D}" = CCC Help Thai
"{A2315CF8-E14F-FA46-B1F1-20E0E5483ADB}" = Catalyst Control Center Localization Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A8411EDB-6A00-8D1A-584B-7A932F44A0C9}" = CCC Help Japanese
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC5CD4CF-3802-623E-AD97-D188785EF411}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9275904-9237-94A3-2144-E3D6A62B57E9}" = CCC Help Turkish
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C48EB957-0CCB-D590-AB3F-B3F8A14ECC2F}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBA7FD59-19A7-5724-5646-CF307326CC18}" = Catalyst Control Center Core Implementation
"{CC7A4274-E6F2-2351-DA6A-07AB73896609}" = CCC Help Norwegian
"{CD7D2C01-F3C8-4127-325D-49853FCCDB62}" = Catalyst Control Center Localization German
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.2
"{D1A1CE85-747B-6A0C-19FE-DFDD0B2DA671}" = ATI Catalyst Install Manager
"{D1E7EA15-5F96-728C-AF32-E1CFF8F9CE44}" = CCC Help Swedish
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D47419B2-62BD-6B53-A96F-7E2F6F3D50C0}" = Catalyst Control Center Localization Turkish
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D62C79B5-44E0-DEC0-AF01-6A1404E093E9}" = CCC Help Spanish
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E12F2B78-CF64-2438-391F-3D3411A6E193}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E5C3A144-0F9B-8F3E-F1A3-2BB7B26014A6}" = ccc-core-static
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8B11A27-5CA6-748E-0F68-159CCF789DF3}" = CCC Help Dutch
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{ED65A382-3F80-D5A8-CCE0-DAB59D85CA91}" = CCC Help Russian
"{EDBB71B2-3C17-4EA5-ED91-E2EA5C2305CF}" = CCC Help Korean
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F250EA7A-F117-2CCE-03E7-BB62C2BF476C}" = Catalyst Control Center Graphics Previews Vista
"{F38CC586-4703-CE3C-F466-D7821E87926A}" = Catalyst Control Center Localization Chinese Standard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5992063-504C-4832-B4A2-9DBA6309B25A}" = Citrix Access Gateway Plug-in
"{F62F62BD-E5C5-56E3-6CF6-00407B743E32}" = CCC Help Chinese Traditional
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FAF7448B-7AB8-8C58-745E-1551CB481C3D}" = CCC Help Chinese Standard
"{FB3B08F0-5245-2336-0655-5256861F0986}" = ccc-utility
"{FDE3DBB7-AA79-AA91-ABE9-3696883FAB20}" = Catalyst Control Center Localization Japanese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"Browser Defender_is1" = Browser Defender 3.0.0.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EasyBits Magic Desktop" = Magic Desktop
"GoToAssist" = GoToAssist Corporate
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Juniper Network Connect 5.5.0" = Juniper Networks Network Connect 5.5.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nectar Search Toolbar" = Nectar Search Toolbar
"Organiser_is1" = Organiser v2.5
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Rapport_msi" = Rapport
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JuniperSetupClient" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

descriptionno connectivity EmptyRe: no connectivity

more_horiz
2nd log:

OTL logfile created on: 24/09/2010 00:06:25 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 152.59 Gb Free Space | 68.85% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.85 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 30.22 Mb Total Space | 7.33 Mb Free Space | 24.27% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-PC
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/23 23:03:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL (2).exe
PRC - [2010/09/09 16:27:23 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/08/30 09:52:56 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/23 05:01:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/05/27 09:16:10 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/02/08 23:24:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009/10/12 17:29:08 | 000,139,264 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/21 22:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
PRC - [2009/02/09 19:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 19:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 19:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/25 22:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 22:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/03 03:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/11/29 03:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/19 04:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/09/29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2008/09/29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
PRC - [2008/03/14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 04:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/06/21 06:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2005/07/04 05:28:30 | 000,057,344 | ---- | M] (AzureBay) -- C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe


========== Modules (SafeList) ==========

MOD - [2010/09/23 23:03:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\OTL (2).exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/09/09 16:27:23 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/23 05:01:02 | 000,198,608 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2009/12/14 21:08:40 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2009/10/12 17:29:08 | 000,139,264 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/21 09:46:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/09 19:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 19:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/03 03:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/03/11 05:01:24 | 000,415,072 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/02/03 21:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/06/15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010/06/15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/05/27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/05/26 09:09:10 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/02 20:36:26 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/02 20:36:26 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/03/01 15:02:16 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/05/25 06:50:44 | 000,164,864 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/23 11:16:34 | 000,073,368 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\net6im51.sys -- (Net6IM)
DRV - [2009/02/19 10:03:54 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/02/19 10:03:54 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/02/19 10:03:54 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/12/10 16:30:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/29 03:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/03/06 02:27:24] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/09/29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/07/21 11:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/04/28 06:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/03/11 02:33:30 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/01/24 14:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/01/09 09:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/http://www.bbc.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 BA FB D6 BD 54 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files\Nectar Search Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/16 10:06:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\FireFox\ [2010/06/24 12:25:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/09 15:03:05 | 000,001,702 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: sjp.co.uk ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: sjp-online.co.uk ([]* in Local intranet)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKCU\..Trusted Domains: oraweb ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sjp.co.uk ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sjp-online.co.uk ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://neo3.sjp.co.uk/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 11:26:11 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/09 16:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/09/09 15:03:07 | 000,000,000 | -HSD | C] -- C:\Users\Paul\AppData\Roaming\My Security Shield
[2010/09/09 14:55:57 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2010/09/09 14:55:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\MSRSZFS
[2010/09/09 14:55:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\b757927
[2010/08/26 11:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nectar Search Toolbar
[2010/08/26 08:42:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/26 08:42:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/26 08:42:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/24 00:06:26 | 003,145,728 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT
[2010/09/23 23:03:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/23 16:35:03 | 000,002,627 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Office Word 2007.lnk
[2010/09/23 16:31:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 16:31:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 16:13:15 | 000,707,392 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/23 16:13:15 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/23 16:13:15 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/23 15:26:31 | 3218,956,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 14:30:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/23 14:29:58 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/23 14:29:58 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/23 14:29:48 | 003,400,754 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
[2010/09/23 14:29:25 | 000,002,595 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/09/23 14:29:16 | 000,002,497 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Office PowerPoint Viewer 2007.lnk
[2010/09/21 08:11:00 | 000,000,680 | ---- | M] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2010/09/20 14:04:23 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9F35C6E5-57EE-4FAC-AB54-4D44BDC705C5}.job
[2010/09/20 14:02:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/09 15:03:05 | 000,001,702 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/06 10:57:29 | 000,013,093 | ---- | M] () -- C:\Users\Paul\Documents\CMW letter head.dotx
[2010/09/02 10:49:28 | 000,060,928 | ---- | M] () -- C:\Users\Paul\Documents\CV PC 06 10.doc
[2010/08/26 09:31:26 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/25 08:47:59 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/21 15:47:29 | 3218,956,288 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/06 10:57:28 | 000,013,093 | ---- | C] () -- C:\Users\Paul\Documents\CMW letter head.dotx
[2010/03/09 16:11:14 | 000,000,610 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2010/01/04 11:04:36 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/04 11:04:36 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2009/10/21 09:16:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/03 13:00:02 | 000,003,584 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/13 20:08:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/13 19:10:38 | 000,001,966 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/13 13:52:25 | 000,000,680 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2009/08/13 12:12:51 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\QSwitch.txt
[2009/08/13 12:12:51 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\DSwitch.txt
[2009/08/13 12:12:51 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\AtStart.txt
[2009/08/13 12:12:43 | 000,100,562 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/06 11:41:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/06 11:40:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/06 11:40:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/06 11:39:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/06 11:37:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/06 10:50:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/19 10:17:05 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/02/19 10:10:45 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/02/19 10:08:41 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/02/19 10:07:15 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/12/10 15:05:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/04 05:28:30 | 000,184,320 | ---- | C] () -- C:\Windows\System32\3dlWinMn.dll
[1999/05/24 04:26:42 | 000,317,440 | ---- | C] () -- C:\Windows\System32\FdfTk.dll
[1999/05/24 04:23:36 | 000,094,208 | ---- | C] () -- C:\Windows\System32\FdfAcX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Unable to install the tool. Error message as follows: MoveFile failed; code 5. Access is denied.
Gives option to retry, ignore (not recommended) or abort.
Look forward to your advice.
Regards, Cantrad.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

no connectivity CF_download_FF

no connectivity 2aflf5z

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello. Here is the log which is particularly long.
Kind regards, Cantrad:

ComboFix 10-09-25.07 - Paul 26/09/2010 11:54:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1699 [GMT 1:00]
Running from: F:\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DFR2D0C.tmp
c:\programdata\b757927
c:\programdata\b757927\041701.reg
c:\programdata\b757927\BackUp\Citrix Access Gateway.lnk
c:\programdata\b757927\BackUp\HP Digital Imaging Monitor.lnk
c:\programdata\b757927\BackUp\Register.lnk
c:\programdata\b757927\BackUp\Wallpaper Changer.lnk
c:\programdata\b757927\BackUp\wkcalrem.LNK
c:\programdata\b757927\mcp.ico
c:\programdata\b757927\MSS.ico
c:\programdata\b757927\MSSSys\vd952342.bd
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\Paul\AppData\Roaming\My Security Shield
c:\users\Paul\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.

2010-09-26 11:20 . 2010-09-26 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-25 10:20 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-25 10:19 . 2010-09-25 10:19 -------- d-----w- c:\programdata\Malwarebytes
2010-09-25 10:19 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 10:26 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 10:23 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 10:22 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 10:21 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 09:56 . 2010-09-15 09:56 353512 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
2010-09-15 09:56 . 2010-09-15 09:56 12544 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
2010-09-09 15:44 . 2010-09-09 15:44 -------- d-----w- c:\program files\McAfee.com
2010-09-09 13:55 . 2010-09-21 15:25 -------- d-----w- C:\QUARANTINE
2010-09-09 13:55 . 2010-09-09 13:55 -------- d-sh--w- c:\programdata\MSRSZFS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 10:25 . 2009-02-19 07:24 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-25 10:04 . 2010-01-04 10:01 -------- d-----w- c:\program files\Spyware Doctor
2010-09-21 07:11 . 2009-08-13 12:52 680 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat
2010-09-17 11:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-17 09:06 . 2009-02-19 08:58 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 11:36 . 2009-08-26 12:20 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype
2010-09-10 11:10 . 2009-10-29 12:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-09 15:45 . 2009-08-14 10:12 -------- d-----w- c:\program files\Common Files\McAfee
2010-09-09 15:45 . 2009-08-14 10:12 -------- d-----w- c:\programdata\McAfee
2010-09-09 15:44 . 2009-08-14 10:12 -------- d-----w- c:\program files\McAfee
2010-09-09 10:49 . 2010-05-11 13:11 63488 ----a-w- c:\users\Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-09 10:49 . 2010-01-05 14:04 117760 ----a-w- c:\users\Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-30 08:52 . 2010-01-05 14:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-26 10:28 . 2010-08-26 10:27 -------- d-----w- c:\program files\Nectar Search Toolbar
2010-08-26 07:42 . 2009-02-19 09:21 -------- d-----w- c:\program files\Common Files\Java
2010-08-26 07:41 . 2009-02-19 09:21 -------- d-----w- c:\program files\Java
2010-08-24 13:57 . 2009-08-14 10:13 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 13:57 . 2009-08-14 10:13 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 13:57 . 2009-08-14 10:13 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-08-18 14:23 . 2010-08-18 13:54 -------- d-----w- c:\program files\CoolTick8
2010-08-17 10:14 . 2009-08-26 12:19 -------- d-----r- c:\program files\Skype
2010-08-17 10:14 . 2009-08-26 12:19 -------- d-----w- c:\programdata\Skype
2010-08-17 10:12 . 2010-04-22 08:53 -------- d-----w- c:\users\Paul\AppData\Roaming\skypePM
2010-08-17 08:46 . 2009-02-19 08:47 -------- d-----w- c:\program files\Microsoft Works
2010-08-02 09:41 . 2010-08-02 09:41 -------- d-----w- c:\programdata\HipSoft
2010-08-02 09:41 . 2009-02-19 08:28 -------- d-----w- c:\programdata\WildTangent
2010-07-30 10:26 . 2010-07-30 10:26 -------- d-----w- c:\users\Paul\AppData\Roaming\FloodLightGames
2010-07-30 10:26 . 2010-07-30 10:26 -------- d-----w- c:\programdata\FloodLightGames
2010-07-17 04:00 . 2010-05-25 08:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2009-02-19 09:03 . 2009-02-19 08:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}"= "c:\program files\Nectar Search Toolbar\Helper.dll" [2010-08-26 243200]

[HKEY_CLASSES_ROOT\clsid\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
2010-08-26 10:28 1499136 ----a-w- c:\program files\Nectar Search Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-08-26 1499136]

[HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8020143D-5926-4394-A04D-DD0B649DA121}"= "c:\program files\Nectar Search Toolbar\Toolbar.dll" [2010-08-26 1499136]

[HKEY_CLASSES_ROOT\clsid\{8020143d-5926-4394-a04d-dd0b649da121}]
[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}]
[HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-30 2424560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-19 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-21 46432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2009-10-12 1393304]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Register.lnk - c:\program files\AzureBay\AzureBay Screen Saver\Register.exe [2005-7-4 471040]
Wallpaper Changer.lnk - c:\program files\AzureBay\AzureBay Screen Saver\WPChanger.exe [2005-7-4 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-21 08:46 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3475719832-1917399278-732260719-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-02 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-01 390528]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-02 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-26 67656]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/06 02:27];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 02:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-06-15 26168]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2008-09-29 19456]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-24 141792]
S2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [2009-10-12 139264]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-03 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-09 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-09 116096]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 Net6IM;Net6;c:\windows\system32\DRIVERS\net6im51.sys [2009-04-23 73368]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{9F35C6E5-57EE-4FAC-AB54-4D44BDC705C5}.job
- c:\windows\system32\msfeedssync.exe [2010-08-16 04:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://neo3.sjp.co.uk/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-UPB:{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 12:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Completion time: 2010-09-26 12:45:20
ComboFix-quarantined-files.txt 2010-09-26 11:44

Pre-Run: 164,558,290,944 bytes free
Post-Run: 164,414,595,072 bytes free

- - End Of File - - C2AAD67CCFDE6BD54E8E4D3D1385BD15

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    Driver::
    ezSharedSvc

    NetSvc::
    ezSharedSvc

    DDS::
    uInternet Settings,ProxyServer =
    uInternet Settings,ProxyOverride =

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    no connectivity Cfscriptb4i

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello. I proceeded as you suggested and left the machine to its own devices for a short while. When I returned I was met by a black screen and the white cursor arrow which can be moved anywhere on the screen. Waited a while but nothing happened so I rebooted the machine. Still met by a black screen with a white cursor arrow.
Hope you can help.
Regards,
Cantrad

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello.
Do you have the Vista DVD?

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Hello. Don't believe the machine was supplied with a Vista DVD. This post comes to you on an identical machine and I have all of the delivery documents for both. No DVD. Is it possible to create a back up/recovery DVD from this machine? Or look forward to your suggestions.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
Follow up to previous post. I have to order an HP recovery disk which is likely to take a few days. I will contact you when it has arrived.
Kind regards, Cantrad.

descriptionno connectivity EmptyRe: no connectivity

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum