
Solved Vista Laptop Problem Like Brother's Compaq Desktop

Discussion in 'Malware and Virus Removal Archive' started by tvjohns, 2010/09/23.

  1. 2010/09/23
    tvjohns (Thread Starter)
    [Resolved] Vista Laptop Problem Like Brother's Compaq Desktop

    9/23/2010

    RE: text reproduced below about my Vista Laptop: broni wrote
    "... let's not mix two computers into one thread." I agree with the sense of that and so am starting this sister thread to my brother's "Compaq xp computer runs slow,locks-up" thread.

    Posted by: tvjohns
    On: 22nd September 2010 13:02

    I have just tried running GMER, not on my brother's Compaq but on my own Vista laptop. I ran MalwareBytes first: No Files Infected. Then I tried running GMER, first without checking Run as Administrator, which didn't work, so naturally I next chose Run as Admin. I got what looks like the regular GMER screen and tried running it. GMER wouldn't run; it locked. I even had to reboot to get the desktop working again. I tried unchecking Devices as you recommend. It didn't help. It seemed to start scanning, then the program quickly stopped.

    Next I tried running GMER in Safe Mode. Again it started to run the rootkit scan, seemed to run a little longer, then stopped again. It brought up an error screen with the following message:

    GMER stopped working
    Problem Event Name: APPCRASH
    Application Name: gmer.exe
    Application Version: 1.0.15.15281
    Application Timestamp: 4b2763f0
    Fault Module Name: gmer.exe
    Fault Module Version: 1.0.15.15281
    Fault Module Timestamp: 4b2763f0
    Exception Code: c0000005
    Exception Offset: 0000c4b1
    OS Version: 6.0.6001.2.1.0.768.3
    Locale ID: 1033
    Additional Information 1: fd00
    Additional Information 2: ea6f5fe8924aaa756324d57f87834160
    Additional Information 3: fd00
    Additional Information 4: ea6f5fe8924aaa756324d57f87834160

    QUESTION: Does this mean I have a rootkit infection smart enough to defend itself against GMER? OR is GMER not compatible with Vista? OR can you suggest another way to run GMER, OR a different rootkit detector/killer?

    Timothy
    ************

    http://www.WindowsBBS.com/malware-v...p-computer-runs-slow-locks-up.html#post532281
    Posted by: tvjohns
    On: 22nd September 2010 13:35

    P.S. I run Avast Anti-virus on my laptop. The two times my entire laptop locked up, forcing not a hot reboot but a total shutdown and cold boot, were when Avast was still running. Only after I shut down Avast could I run GMER, though even then, as I noted just above, GMER quit after just a few seconds of scanning, producing the error message I note above. So obviously Avast, or presumably any other AV app, interferes with GMER. But running in Safe Mode failed also.

    Timothy
    ************

    http://www.WindowsBBS.com/malware-v...p-computer-runs-slow-locks-up.html#post532294
    Posted by: broni
    On: 22nd September 2010 14:53

    OK, let's not mix two computers into one thread.
    We stay with one computer here.

    Skip GMER and give me MBRCheck log, please.

    **************

    My Laptop DDS.txt and Attach.txt data:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Timothy at 16:59:43.91 on Thu 09/23/2010
    Internet Explorer: 8.0.6001.18828
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1981.866 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: Vista Firewall Control *disabled* {C83D5A86-CCB1-40EB-BD6D-E0BA16353295}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Windows\system32\lxdkcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\iashost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Accessories\Metapad.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Timothy\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uWindow Title = Windows Internet Explorer
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3707
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3707
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3707
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: iFinger plugin / Browser helper object: {a114d52b-870c-4f15-8021-b6d7f91a054b} - c:\progra~1\ifinger\plugins\IE.ifp
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
    TB: {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No File
    EB: iFinger: {0cbd5120-990b-11d3-8abd-00c04fa95ee0} - c:\windows\system32\SHDOCVW.DLL
    uRun: [<NO NAME>]
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [VistaFirewallControl] c:\program files\vistafirewallcontrol\VistaFirewallControl.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    uPolicies-explorer: TaskbarNoNotification = 0 (0x0)
    uPolicies-explorer: HideSCABattery = 0 (0x0)
    uPolicies-explorer: HideSCANetwork = 0 (0x0)
    uPolicies-explorer: HideSCAVolume = 0 (0x0)
    uPolicies-system: DisableLockWorkstation = 1 (0x1)
    mPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Copy to &Lightning Note - c:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
    IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {936E5D60-596C-11D3-BB96-00600816DF55} - {0CBD5120-990B-11D3-8ABD-00C04FA95EE0} - c:\windows\system32\SHDOCVW.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    TCP: {8FED5479-73C3-4831-83DB-F8ECE3F4DA8E} = 68.94.156.1,68.94.157.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll
    mASetup: ccc-core-static - msiexec /fums {4DE0B33E-019A-CDBA-C2D1-C66F8598EF15} /qb

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\timothy\appdata\roaming\mozilla\firefox\profiles\bknhjd23.tim's profile\
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-20 165584]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-20 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-20 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-20 243024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-20 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-20 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-20 40384]
    R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-20 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-20 40384]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2007-3-12 354816]
    S2 gupdate1c9b096df02f6b;Google Update Service (gupdate1c9b096df02f6b);c:\program files\google\update\GoogleUpdate.exe [2009-3-29 133104]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-8-7 90352]

    =============== Created Last 30 ================

    2010-09-22 17:33:19 257026561 ----a-w- c:\windows\MEMORY.DMP
    2010-09-22 16:48:42 0 d-----w- c:\users\timothy\appdata\roaming\Malwarebytes
    2010-09-22 16:48:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-22 16:48:20 0 d-----w- c:\programdata\Malwarebytes
    2010-09-22 16:48:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-22 16:48:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-20 18:44:04 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-20 18:43:44 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-20 18:01:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-20 18:01:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-20 18:01:43 0 d-----w- c:\windows\system32\drivers\Avg
    2010-09-20 18:01:02 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-20 17:58:04 0 d-----w- c:\program files\AVG
    2010-09-20 17:57:42 0 d-----w- c:\programdata\avg9
    2010-09-20 14:35:53 0 d-----w- c:\program files\VS Revo Group
    2010-09-19 20:03:06 0 d-----w- c:\programdata\Alwil Software
    2010-09-09 00:23:27 0 d-----w- c:\program files\CCleaner
    2010-08-30 04:30:41 0 d-----w- c:\users\timothy\AbiSuite

    ==================== Find3M ====================

    2009-08-13 03:00:24 86016 ----a-w- c:\windows\inf\infstrng.dat
    2009-08-13 03:00:24 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-08-13 03:00:24 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-06-27 04:01:44 174 --sha-w- c:\program files\desktop.ini
    2009-06-27 03:49:16 665600 ----a-w- c:\windows\inf\drvindex.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-04-29 23:47:48 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-04-29 23:47:48 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-04-29 23:47:48 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-03-04 02:36:31 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-03-04 02:36:31 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-03-04 02:36:31 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-03-04 02:36:31 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-11-29 22:38:41 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 17:00:18.41 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/16/2007 7:22:38 PM
    System Uptime: 9/23/2010 4:29:40 PM (1 hours ago)

    Motherboard: Gateway | |
    Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | U23 | 1600/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 59.221 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.293 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 233 GiB total, 17.861 GiB free.
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C6300 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C6300 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    ==== System Restore Points ===================

    RP1165: 9/14/2010 10:33:51 AM - Scheduled Checkpoint
    RP1166: 9/14/2010 12:00:38 PM - Windows Backup
    RP1167: 9/14/2010 6:00:16 PM - Windows Update
    RP1168: 9/15/2010 8:28:26 AM - Scheduled Checkpoint
    RP1169: 9/15/2010 12:00:35 PM - Windows Backup
    RP1170: 9/16/2010 12:00:48 PM - Windows Backup
    RP1171: 9/17/2010 10:09:47 AM - Scheduled Checkpoint
    RP1172: 9/17/2010 12:00:38 PM - Windows Backup
    RP1173: 9/18/2010 11:59:48 AM - Scheduled Checkpoint
    RP1174: 9/18/2010 12:00:46 PM - Windows Backup
    RP1175: 9/18/2010 6:00:33 PM - Windows Update
    RP1176: 9/19/2010 11:59:51 AM - Scheduled Checkpoint
    RP1177: 9/19/2010 12:00:42 PM - Windows Backup
    RP1178: 9/19/2010 3:03:12 PM - avast! Free Antivirus Setup
    RP1179: 9/20/2010 7:58:57 AM - Scheduled Checkpoint
    RP1181: 9/20/2010 9:46:54 AM - Revo Uninstaller's restore point - avast! Free Antivirus
    RP1182: 9/20/2010 9:47:35 AM - avast! Free Antivirus Setup
    RP1183: 9/20/2010 12:02:47 PM - Windows Backup
    RP1184: 9/20/2010 12:57:33 PM - Installed AVG Free 9.0
    RP1186: 9/20/2010 1:05:25 PM - Revo Uninstaller's restore point - AVG Free 9.0
    RP1187: 9/20/2010 1:06:32 PM - Removed AVG Free 9.0
    RP1188: 9/20/2010 1:43:15 PM - avast! Free Antivirus Setup
    RP1189: 9/21/2010 10:59:57 AM - Scheduled Checkpoint
    RP1190: 9/21/2010 12:00:40 PM - Windows Backup
    RP1191: 9/22/2010 7:42:15 AM - Scheduled Checkpoint
    RP1192: 9/22/2010 12:00:45 PM - Windows Backup
    RP1193: 9/23/2010 4:42:16 PM - Windows Backup

    ==== Installed Programs ======================

    µTorrent
    32 Bit HP CIO Components Installer
    7-Zip 4.57
    ABBYY FineReader 6.0 Sprint
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8
    Agere Systems HDA Modem
    ATI Catalyst Install Manager
    ATI Uninstaller
    avast! Free Antivirus
    Belarc Advisor 7.2
    Blackhawk Striker 2
    Blasterball 3
    Browser Address Error Redirector
    BufferChm
    C6300
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner (remove only)
    CodeStuff Starter
    Corel WordPerfect Office - iFilter
    CutePDF Writer 2.7
    DesignPro 5.0 Limited Edition
    Destination Component
    DeviceDiscovery
    Diner Dash
    EPSON Printer Software
    FATE
    FileZilla Client 3.2.6.1
    FxVisor
    Gateway Game Console
    Gateway Recovery Center Installer
    Gear Flash Downloader 1.0
    Google Desktop
    Google Earth
    Google Update Helper
    GPBaseService2
    GPL Ghostscript 8.63
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 12.0
    HP Imaging Device Functions 12.0
    HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
    HP Photosmart Essential 3.5
    HP Smart Web Printing
    HP Solution Center 12.0
    HP Update
    HP USB Disk Storage Format Tool
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Icon Restore 1.0
    iFinger 2.0
    IrfanView (remove only)
    ISO Recorder
    IZArc 4.1.2
    Java(TM) SE Runtime Environment 6
    K-Lite Codec Pack 3.3.0 Full
    KeyNote 1.6.5
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Money 2006
    Microsoft Office 2000 Professional
    Microsoft Reader
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2002
    Microsoft Works 2002 Setup Launcher
    Microsoft Works 6.0
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.0.19)
    Mozilla Thunderbird (2.0.0.24)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Network
    PC Pitstop Optimize3 3.0
    PDF-Viewer
    PDFCreator
    Penguins!
    Polar Bowler
    Polar Golfer
    PS_AIO_04_C6300_Software_Min
    QuickTime Alternative 1.81
    Rainlendar2 (remove only)
    Read in Microsoft Reader Add-in for Microsoft Word
    Recuva (remove only)
    RegEditX
    Revo Uninstaller 1.83
    RLDS Scripture and Church History Set
    Scan
    SCRABBLE
    Serif PagePlus 8.0 PDF Edition
    ShadowExplorer 0.4
    Shop for HP Supplies
    SigmaTel Audio
    Skins
    SmartWebPrinting
    SolutionCenter
    Sony USB Driver
    Status
    Stickies 6.0c
    SumatraPDF
    SWF Opener
    Synaptics Pointing Device Driver
    TaxACT 2008
    TaxACT 2008 Missouri
    TaxACT 2009
    TaxACT 2009 Missouri
    The Restored Scriptures
    Toolbox
    Tradewinds
    TrayApp
    Tweak UI
    UnInstall Icon Restore 1.0
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    WebReg
    Winamp (remove only)
    Windows 7 Upgrade Advisor Beta
    WordPerfect Lightning
    WordPerfect Lightning - EN
    WordPerfect Lightning - IPM
    WordPerfect Lightning - Messages
    WordPerfect Lightning - MSOM
    WordPerfect Office X4
    WordPerfect Office X4 - Common
    WordPerfect Office X4 - Content
    WordPerfect Office X4 - EN
    WordPerfect Office X4 - Filters
    WordPerfect Office X4 - Graphics
    WordPerfect Office X4 - ICA
    WordPerfect Office X4 - IPM
    WordPerfect Office X4 - IPM EN
    WordPerfect Office X4 - Migration Manager
    WordPerfect Office X4 - PerfectExperts
    WordPerfect Office X4 - PR
    WordPerfect Office X4 - QP
    WordPerfect Office X4 - Skins
    WordPerfect Office X4 - System
    WordPerfect Office X4 - WP
    Works Suite OS Pack
    Works Synchronization

    ==== Event Viewer Messages From Past Week ========

    9/23/2010 4:31:06 PM, Error: EventLog [6008] - The previous system shutdown at 4:28:23 PM on 9/23/2010 was unexpected.
    9/22/2010 5:10:54 PM, Error: EventLog [6008] - The previous system shutdown at 5:06:13 PM on 9/22/2010 was unexpected.
    9/22/2010 3:59:48 PM, Error: EventLog [6008] - The previous system shutdown at 3:56:35 PM on 9/22/2010 was unexpected.
    9/22/2010 2:41:59 PM, Error: EventLog [6008] - The previous system shutdown at 2:39:29 PM on 9/22/2010 was unexpected.
    9/22/2010 12:35:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSP aswTdi AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/22/2010 12:35:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/22/2010 12:34:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    9/22/2010 12:34:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/22/2010 12:34:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/22/2010 12:34:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/22/2010 12:34:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/22/2010 12:34:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/22/2010 12:34:02 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    9/22/2010 12:34:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments " " in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    9/22/2010 12:33:59 PM, Error: EventLog [6008] - The previous system shutdown at 12:31:42 PM on 9/22/2010 was unexpected.
    9/22/2010 12:20:14 PM, Error: EventLog [6008] - The previous system shutdown at 12:14:23 PM on 9/22/2010 was unexpected.
    9/22/2010 1:21:00 PM, Error: EventLog [6008] - The previous system shutdown at 1:18:41 PM on 9/22/2010 was unexpected.
    9/16/2010 9:50:58 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {657C7A59-4FEC-4C06-A354-607B1EB184FB}. The error: "3" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe" -Embedding
    9/16/2010 3:31:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    9/16/2010 12:36:06 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AD938644-E4BF-11D4-BD4C-444553540000}. The error: "740" Happened while starting this command: C:\PROGRA~1\iFinger\iFinger.exe -Embedding
    9/16/2010 10:58:21 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer Lexmark 5300 Series (Copy 2) because the print processor Lexmark 5300 Series Print Processor could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.

    ==== End Of File ===========================
     
  2. 2010/09/23
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    broni also requested, since GMER could not run on my Vista machine, that I submit the MBRCheck text:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Gateway
    BIOS Manufacturer: Phoenix
    System Manufacturer: Gateway
    System Product Name: MT3707
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 148):
    0x81E02000 \SystemRoot\system32\ntkrnlpa.exe
    0x821BB000 \SystemRoot\system32\hal.dll
    0x8040F000 \SystemRoot\system32\kdcom.dll
    0x80417000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80477000 \SystemRoot\system32\PSHED.dll
    0x80488000 \SystemRoot\system32\BOOTVID.dll
    0x80490000 \SystemRoot\system32\CLFS.SYS
    0x804D1000 \SystemRoot\system32\CI.dll
    0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8068F000 \SystemRoot\system32\drivers\acpi.sys
    0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E6000 \SystemRoot\system32\drivers\pci.sys
    0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
    0x8071C000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8071F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80729000 \SystemRoot\system32\drivers\volmgr.sys
    0x80738000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80782000 \SystemRoot\system32\drivers\pciide.sys
    0x80789000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80797000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807A7000 \SystemRoot\system32\drivers\atapi.sys
    0x807AF000 \SystemRoot\system32\drivers\ataport.SYS
    0x807CD000 \SystemRoot\system32\drivers\fltmgr.sys
    0x805B1000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8760F000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87680000 \SystemRoot\system32\drivers\ndis.sys
    0x8778B000 \SystemRoot\system32\drivers\msrpc.sys
    0x877B6000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8780B000 \SystemRoot\System32\drivers\tcpip.sys
    0x878F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x87A09000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87B18000 \SystemRoot\system32\drivers\volsnap.sys
    0x87B51000 \SystemRoot\System32\Drivers\spldr.sys
    0x87B59000 \SystemRoot\System32\Drivers\mup.sys
    0x87B68000 \SystemRoot\System32\drivers\ecache.sys
    0x87B8F000 \SystemRoot\system32\drivers\disk.sys
    0x87BA0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87BC1000 \SystemRoot\system32\drivers\crcdisk.sys
    0x87BEA000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x87BF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8790F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x87A00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8C209000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8C8AC000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C94B000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C958000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8C98B000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8C995000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8C9D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C9E2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8791E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x87930000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x87943000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8794E000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C9FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x87979000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x87984000 \SystemRoot\system32\DRIVERS\RTL85n86.sys
    0x8C200000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x805C1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8CC00000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8CC41000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8CC4C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8CC63000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8CC6E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8CC91000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8CCA0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8CCB4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8CCC9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8CCD9000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8CCDB000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CD05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8CD0F000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8CD1C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8CD50000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8CE0C000 \SystemRoot\system32\drivers\stwrt.sys
    0x8CEAF000 \SystemRoot\system32\drivers\portcls.sys
    0x8CEDC000 \SystemRoot\system32\drivers\drmk.sys
    0x8D006000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x8D122000 \SystemRoot\system32\drivers\modem.sys
    0x8D12F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8D138000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D13F000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D14F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8D156000 \SystemRoot\System32\drivers\vga.sys
    0x8D162000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8D183000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D18B000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D193000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D19E000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8D1AC000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8D1B5000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8D1CB000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8D1D5000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CF01000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8D1E9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x8CF3B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CF6D000 \SystemRoot\system32\drivers\afd.sys
    0x8D1FB000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8CFB5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8CFCB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8CFD9000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8CD61000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8CFEC000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8CD9D000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D000000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8CDB4000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8D146000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8CDE8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8CFF6000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8CE00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8D60E000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8D635000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x8D65D000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D66A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8D675000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95280000 \SystemRoot\System32\win32k.sys
    0x8D67D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D687000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x954A0000 \SystemRoot\System32\TSDDD.dll
    0x954C0000 \SystemRoot\System32\cdd.dll
    0x8D696000 \SystemRoot\system32\drivers\luafv.sys
    0x8D6B1000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8D6E8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x8D6F3000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8D703000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8D72D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8D737000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8D74A000 \SystemRoot\system32\drivers\spsys.sys
    0x9AE02000 \SystemRoot\system32\drivers\HTTP.sys
    0x9AE6D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9AE8A000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9AEA3000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9AEB8000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9AED8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9AEF7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9AF30000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9AF48000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9AF6F000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9C400000 \SystemRoot\system32\drivers\peauth.sys
    0x9C4DE000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9C4E8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9C4F4000 \SystemRoot\system32\drivers\tdtcp.sys
    0x9C4FF000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x9C50B000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x9C53E000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x76FE0000 \Windows\System32\ntdll.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    392 C:\Windows\System32\smss.exe
    512 csrss.exe
    564 csrss.exe
    572 C:\Windows\System32\wininit.exe
    620 C:\Windows\System32\winlogon.exe
    648 C:\Windows\System32\services.exe
    684 C:\Windows\System32\lsass.exe
    692 C:\Windows\System32\lsm.exe
    820 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\Ati2evxx.exe
    1064 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\audiodg.exe
    1252 C:\Windows\System32\svchost.exe
    1268 C:\Windows\System32\SLsvc.exe
    1332 C:\Windows\System32\svchost.exe
    1468 C:\Windows\System32\Ati2evxx.exe
    1520 C:\Windows\System32\svchost.exe
    1784 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    192 C:\Windows\System32\taskeng.exe
    280 C:\Windows\System32\spoolsv.exe
    332 C:\Windows\System32\svchost.exe
    436 C:\Windows\System32\taskeng.exe
    420 C:\Program Files\Google\Update\GoogleUpdate.exe
    816 C:\Windows\System32\agrsmsvc.exe
    1208 C:\Windows\System32\svchost.exe
    2148 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    2204 C:\Windows\System32\lxdkcoms.exe
    2228 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    2268 C:\Windows\System32\svchost.exe
    2448 C:\Windows\System32\svchost.exe
    2460 C:\Windows\System32\svchost.exe
    2488 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2532 C:\Windows\System32\svchost.exe
    2608 C:\Windows\System32\SearchIndexer.exe
    2924 C:\Windows\System32\svchost.exe
    3236 iashost.exe
    2312 C:\Windows\System32\dwm.exe
    996 C:\Windows\explorer.exe
    3128 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3304 C:\Program Files\Rainlendar2\Rainlendar2.exe
    1260 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    1016 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2160 C:\Windows\ehome\ehtray.exe
    3384 C:\Program Files\Windows Sidebar\sidebar.exe
    3184 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2772 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3896 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3420 C:\Windows\ehome\ehmsas.exe
    3832 C:\Program Files\Windows Sidebar\sidebar.exe
    1464 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    940 C:\Windows\System32\wuauclt.exe
    3924 C:\Windows\servicing\TrustedInstaller.exe
    792 C:\Windows\System32\SearchProtocolHost.exe
    2708 C:\Windows\System32\SearchFilterHost.exe
    672 C:\Users\Timothy\Downloads\COMPAQ ANTI-MALWARE APPS\Step 03\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: ST9160821A, Rev: 3.ALC
    PhysicalDrive1 Model Number: WD2500BEV External, Rev: 1.05

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 1EA750E9C9F76DE36355792B12919BA717CB63FF
    232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 2BE9ACE700A45722604874D4A10E3B6A212931F3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
    Enter filename to dump to: MBRDumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
    Enter filename to dump to: Report01Dumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
    Enter filename to dump to: MBRRE: Dumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
    Enter filename to dump to: ReportRE: Dumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): 2Dumping \\.\PhysicalDisk2...
    Enter filename to dump to: -1Error: Drive not fixed!

    Enter the physical disk number to dump (0-99, -1 to exit): 2Dumping \\.\PhysicalDisk2...
    Enter filename to dump to: [3]Error: Drive not fixed!

    Enter the physical disk number to dump (0-99, -1 to exit): 2Dumping \\.\PhysicalDisk2...
    Enter filename to dump to: NError: Drive not fixed!

    Enter the physical disk number to dump (0-99, -1 to exit):
     
  4. 2010/09/23
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    I see you have P2P software ( Azures, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2010/09/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBR seems to be infected....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
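    As an added illustration (not part of this thread, and not the code of MBRCheck or of MBRWORK/NTBR), the script below does offline what the two tools above do on the disk: it parses a 512-byte MBR sector, hashes the bootstrap code and looks the hash up in an allowlist (the "Unknown MBR code" verdict in the MBRCheck log above), and then performs the "Install Standard MBR code" write that rewrites only the code area and leaves the partition table and disk signature untouched. Assumptions: the hashed range is the first 440 bytes (the page does not say exactly which bytes MBRCheck hashes); the "standard" and "bootkit" loader byte strings, the disk signature and the sector counts are constructed sample data; only the partition start offsets mirror the log above (D: at 0x7E00, C: at 0x2`7098F400).

```python
"""Added illustration of what the two MBR tools in this thread are doing.
Not MBRCheck's or MBRWORK's own code; the loader byte strings, the disk
signature and the partition sizes below are constructed sample data."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code (the part a bootkit replaces)
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def parse_partitions(mbr):
    """Return the non-empty primary partition entries."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # MBRCheck prints this as "at offset"
        })
    return parts


def analyze_mbr(mbr, known_code_hashes):
    """Hash only the bootstrap code (assumption: the exact range MBRCheck hashes
    is not stated on the page), so the verdict does not depend on the disk
    signature or partition table, then look the hash up in an allowlist."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "boot_signature_ok": mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
        "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "boot_code_sha1": code_sha1,
        "known_code": code_sha1 in known_code_hashes,
        "partitions": parse_partitions(mbr),
    }


def replace_boot_code(mbr, new_code):
    """Overwrite bytes 0..439 and nothing else. A bootkit does this to hook the
    boot path; MBRWORK's 'Install Standard MBR code' does the same write with
    the stock loader, which is why the partition table survives the repair."""
    if len(new_code) > BOOT_CODE_LEN:
        raise ValueError("loader does not fit in the code area")
    return new_code.ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]


def build_sample_mbr(code, partitions):
    """Construct a synthetic MBR sector (sample data, not the poster's disk)."""
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x11\x22\x33\x44"  # made-up disk signature
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    mbr[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(mbr)


# Stand-ins for loader code: arbitrary, distinguishable byte strings, not real
# Windows or bootkit code.
STANDARD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 16
BOOTKIT_CODE = b"\xEB\x3E" + b"\xCC" * 40

# Layout mirroring the offsets in the MBRCheck log: D: at 0x7E00 (LBA 63),
# C: at 0x2`7098F400 (LBA 20466810). The sector counts are invented.
LAYOUT = [
    (False, 0x07, 63, 20466747),
    (True, 0x07, 20466810, 292000000),
]


def demo():
    """Walk through: clean disk -> bootkit overwrite -> MBRWORK-style repair."""
    clean = build_sample_mbr(STANDARD_CODE, LAYOUT)
    known = {analyze_mbr(clean, set())["boot_code_sha1"]}   # our "known good" list
    infected = replace_boot_code(clean, BOOTKIT_CODE)
    before = analyze_mbr(infected, known)                   # -> "Unknown MBR code"
    repaired = replace_boot_code(infected, STANDARD_CODE)
    after = analyze_mbr(repaired, known)                    # -> known code again
    return {"before": before, "after": after,
            "repaired_equals_clean": repaired == clean}


if __name__ == "__main__":
    results = demo()
    for stage in ("before", "after"):
        r = results[stage]
        verdict = "known code" if r["known_code"] else "Unknown MBR code"
        print(f"{stage}: SHA1 {r['boot_code_sha1']} -> {verdict}")
        for p in r["partitions"]:
            flag = " (bootable)" if p["bootable"] else ""
            print(f"  entry {p['index']} type 0x{p['type']:02X} "
                  f"at offset 0x{p['byte_offset']:x}{flag}")
```

    The point to take from the walk-through: both the infection and the repair touch only the first 440 bytes, so the partition entries (and therefore C: and D:) are identical before and after, which is why the "Install Standard MBR code" step is safe to run on the boot disk without losing data. A real checker would load its allowlist from a catalogue of stock loader hashes rather than computing it from the disk under test.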
  6. 2010/09/24
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    I created and ran the Fdos Bootable CD program. Ran MBRCheck again; still get the statement: Found non-standard or infected MBR. I also note, if not apparent from the MBRCheck readout which follows below, one readout statement: PhysicalDrive1 Model Number: WD2500BEV External, Rev: 1.05. This is Drive F, which is a USB external drive. Might this be the source or cause of the continued “infected MBR” statement?

    And a final comment or question before the MBRCheck readout. I got this from Admin: “I see you have *P2P* software ( *Azures, Limewire, BitTorrent, uTorrent* etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. ... The bad guys use P2P filesharing as a major conduit to spread their wares and their infections. ...” I had never thought of this, though I should have. I have had uTorrent on my laptop for some time, used rarely and not for a long time. Needed it to download some legitimate freeware application a year or two ago, forget now what. I no longer use it but will uninstall it from my computer.

    Now, latest MBRCheck read out (just out of my curiosity – What does MBR stand for?)

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Gateway
    BIOS Manufacturer: Phoenix
    System Manufacturer: Gateway
    System Product Name: MT3707
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 148):
    0x81E05000 \SystemRoot\system32\ntkrnlpa.exe
    0x821BE000 \SystemRoot\system32\hal.dll
    0x8040E000 \SystemRoot\system32\kdcom.dll
    0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80476000 \SystemRoot\system32\PSHED.dll
    0x80487000 \SystemRoot\system32\BOOTVID.dll
    0x8048F000 \SystemRoot\system32\CLFS.SYS
    0x804D0000 \SystemRoot\system32\CI.dll
    0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80689000 \SystemRoot\system32\drivers\acpi.sys
    0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E0000 \SystemRoot\system32\drivers\pci.sys
    0x80707000 \SystemRoot\System32\drivers\partmgr.sys
    0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x80723000 \SystemRoot\system32\drivers\volmgr.sys
    0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8077C000 \SystemRoot\system32\drivers\pciide.sys
    0x80783000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80791000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807A1000 \SystemRoot\system32\drivers\atapi.sys
    0x807A9000 \SystemRoot\system32\drivers\ataport.SYS
    0x807C7000 \SystemRoot\system32\drivers\fltmgr.sys
    0x805B0000 \SystemRoot\system32\drivers\fileinfo.sys
    0x87608000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87679000 \SystemRoot\system32\drivers\ndis.sys
    0x87784000 \SystemRoot\system32\drivers\msrpc.sys
    0x877AF000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87802000 \SystemRoot\System32\drivers\tcpip.sys
    0x878EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x87A0F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x87B1E000 \SystemRoot\system32\drivers\volsnap.sys
    0x87B57000 \SystemRoot\System32\Drivers\spldr.sys
    0x87B5F000 \SystemRoot\System32\Drivers\mup.sys
    0x87B6E000 \SystemRoot\System32\drivers\ecache.sys
    0x87B95000 \SystemRoot\system32\drivers\disk.sys
    0x87BA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x87BC7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x87BF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x87A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x87906000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x87A09000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8BE0B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8C4AE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C54D000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C55A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8C58D000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8C597000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8C5D5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C5E4000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x87915000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x87927000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8BE00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8793A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x87965000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x87970000 \SystemRoot\system32\DRIVERS\RTL85n86.sys
    0x879C9000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x879D1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8C603000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C644000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8C64F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C666000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8C671000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8C694000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8C6A3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8C6B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8C6CC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8C6DC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8C6DE000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8C708000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C712000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C71F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8C753000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C80C000 \SystemRoot\system32\drivers\stwrt.sys
    0x8C8AF000 \SystemRoot\system32\drivers\portcls.sys
    0x8C8DC000 \SystemRoot\system32\drivers\drmk.sys
    0x8CA0A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x8CB26000 \SystemRoot\system32\drivers\modem.sys
    0x8CB33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8CB3C000 \SystemRoot\System32\Drivers\Null.SYS
    0x8CB43000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8CB53000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8CB5A000 \SystemRoot\System32\drivers\vga.sys
    0x8CB66000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8CB87000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8CB8F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8CB97000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CBA2000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8CBB0000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CBB9000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CBCF000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8CBD9000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CBED000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x8C901000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8C93B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8C96D000 \SystemRoot\system32\drivers\afd.sys
    0x8CA00000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8C9B5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8C9CB000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8C9D9000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8C764000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8C9EC000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8C7A0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8CB4A000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8C7B7000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8C9F6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8C7EB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8C800000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x877E9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x805C0000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8D404000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x8D42C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D439000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8D444000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x93020000 \SystemRoot\System32\win32k.sys
    0x8D44C000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D456000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x93240000 \SystemRoot\System32\TSDDD.dll
    0x93260000 \SystemRoot\System32\cdd.dll
    0x8D465000 \SystemRoot\system32\drivers\luafv.sys
    0x8D480000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8D4B7000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x8D4C2000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8D4D2000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8D4FC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8D506000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8D519000 \SystemRoot\system32\drivers\spsys.sys
    0x98605000 \SystemRoot\system32\drivers\HTTP.sys
    0x98670000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9868D000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x986A6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x986BB000 \SystemRoot\system32\drivers\mrxdav.sys
    0x986DB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x986FA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x98733000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9874B000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x98772000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9A20A000 \SystemRoot\system32\drivers\peauth.sys
    0x9A2E8000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9A2F2000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9A2FE000 \SystemRoot\system32\drivers\tdtcp.sys
    0x9A309000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x9A315000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x9A348000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77160000 \Windows\System32\ntdll.dll

    Processes (total 60):
    0 System Idle Process
    4 System
    392 C:\Windows\System32\smss.exe
    460 csrss.exe
    512 csrss.exe
    520 C:\Windows\System32\wininit.exe
    552 C:\Windows\System32\winlogon.exe
    600 C:\Windows\System32\services.exe
    632 C:\Windows\System32\lsass.exe
    640 C:\Windows\System32\lsm.exe
    772 C:\Windows\System32\svchost.exe
    852 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\Ati2evxx.exe
    1016 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\audiodg.exe
    1204 C:\Windows\System32\svchost.exe
    1220 C:\Windows\System32\SLsvc.exe
    1284 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\Ati2evxx.exe
    1496 C:\Windows\System32\svchost.exe
    1720 C:\Windows\System32\dwm.exe
    1732 C:\Windows\explorer.exe
    1780 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    2040 C:\Windows\System32\taskeng.exe
    268 C:\Windows\System32\spoolsv.exe
    412 C:\Windows\System32\svchost.exe
    428 C:\Windows\System32\taskeng.exe
    1228 C:\Windows\System32\agrsmsvc.exe
    988 C:\Windows\System32\svchost.exe
    2112 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    2192 C:\Windows\System32\lxdkcoms.exe
    2224 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    2248 C:\Windows\System32\svchost.exe
    2352 C:\Windows\System32\svchost.exe
    2376 C:\Windows\System32\svchost.exe
    2396 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2484 C:\Windows\System32\svchost.exe
    2576 C:\Windows\System32\SearchIndexer.exe
    2860 C:\Windows\System32\svchost.exe
    3292 iashost.exe
    3788 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3828 C:\Program Files\Rainlendar2\Rainlendar2.exe
    3836 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    3856 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3880 C:\Windows\ehome\ehtray.exe
    3912 C:\Program Files\Windows Sidebar\sidebar.exe
    2360 C:\Program Files\Windows Media Player\wmpnscfg.exe
    1856 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3188 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2632 C:\Windows\ehome\ehmsas.exe
    3776 C:\Program Files\Windows Sidebar\sidebar.exe
    3560 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2696 C:\Windows\System32\wuauclt.exe
    3572 C:\Windows\System32\taskeng.exe
    3924 C:\Windows\System32\svchost.exe
    2188 taskeng.exe
    2760 C:\Windows\System32\SearchProtocolHost.exe
    3508 C:\Users\Timothy\Downloads\COMPAQ ANTI-MALWARE APPS\Step 03\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: ST9160821A, Rev: 3.ALC
    PhysicalDrive1 Model Number: WD2500BEV External, Rev: 1.05

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 2BE9ACE700A45722604874D4A10E3B6A212931F3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  7. 2010/09/24
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    FYI: I got this from Admin: “I see you have *P2P* software ( *Azures, Limewire, BitTorrent, uTorrent* etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. ... The bad guys use P2P filesharing as a major conduit to spread their wares and their infections. ...” I had never thought of this, though I should have.

    I just finished removing uTorrent from my computer using RevoUninstaller. All traces gone. Couldn't find a link to the Admin. guy to say so. If you wish me to rerun DDS reports to show uTorrent gone, just let me know.

    Best regards,

    tvjohns
     
  8. 2010/09/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't need new DDS logs for now.

    MBR looks good :)
    We only care about bootable PhysicalDrive0 (C).
    MBR - Master Boot Record: http://en.wikipedia.org/wiki/Master_Boot_Record

    ===============================================================

    Download Malwarebytes' Anti-Malware (aka MBAM): http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
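MBRCheck's verdict in the log above comes from hashing the boot sector and looking the hash up in a table of known loader code; "Unknown MBR code" on the external drive is only a miss in that table, and as broni says, only the disk that actually boots matters. The Python below is an added example, not the thread's or MBRCheck's own code: it parses a constructed 512-byte MBR, recovers the partition byte offsets (the same 0x7e00 and 0x2`7098f400 that MBRCheck printed for PhysicalDrive0) and compares a boot-code hash against a constructed baseline. Assumptions: hashing only the 440-byte boot-code area is this example's own choice, and the sample image and baseline table are made up.

```python
"""Parse a 512-byte MBR the way an MBR checker does: partition offsets plus a hash of the boot code.

Added example for this thread; it is not the forum's or MBRCheck's own code. The sample image and
the "known-good" baseline are constructed, and hashing only the 440-byte boot-code area (leaving out
the disk signature and partition table) is this example's own choice.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0-439: the loader code a bootkit would replace
PART_TABLE_OFF = 446           # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510-511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def has_boot_signature(mbr: bytes) -> bool:
    """True when the sector is 512 bytes long and ends in the 0x55AA marker."""
    return len(mbr) == SECTOR and mbr[510:512] == BOOT_SIGNATURE


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries with their byte offsets on the disk."""
    if not has_boot_signature(mbr):
        raise ValueError("not a valid MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        start = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack(ENTRY_FMT, mbr[start:start + 16])
        if ptype == 0:             # empty slot
            continue
        parts.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "offset": lba_start * SECTOR,   # the "at offset 0x..." figure MBRCheck prints
            "size": sectors * SECTOR,
        })
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code area only, so the hash is unaffected by partition-table edits."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def mbr_verdict(mbr: bytes, baselines: dict) -> str:
    """Label a boot sector by looking its code hash up in a table of known loaders.

    An unknown hash only means "not in the table"; it is a real concern only on the disk that boots.
    """
    return baselines.get(boot_code_sha1(mbr), "Unknown MBR code")


def build_sample_mbr() -> bytes:
    """Constructed sample (not a real disk image). The two partition offsets are taken from the
    thread's MBRCheck output for PhysicalDrive0: D: at 0x7e00 and C: at 0x2`7098f400."""
    code = b"\x90" * BOOT_CODE_LEN                      # stand-in loader code (all NOPs)
    disk_sig = struct.pack("<I", 0x11223344) + b"\x00\x00"
    d_lba = 0x7E00 // SECTOR                            # sector 63
    c_lba = 0x27098F400 // SECTOR
    entries = (
        struct.pack(ENTRY_FMT, 0x00, 0x07, d_lba, c_lba - d_lba),   # D: recovery partition
        struct.pack(ENTRY_FMT, 0x80, 0x07, c_lba, 300_000_000),     # C: bootable system partition
        bytes(16),
        bytes(16),
    )
    mbr = code + disk_sig + b"".join(entries) + BOOT_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def simulate_code_change(mbr: bytes) -> bytes:
    """Alter the first two code bytes so the baseline comparison can be seen to fire while the
    partition table stays exactly as it was (this is what a code-only hash is meant to catch)."""
    patched = bytearray(mbr)
    patched[0:2] = b"\xEB\xFE"
    return bytes(patched)


if __name__ == "__main__":
    sample = build_sample_mbr()
    baselines = {boot_code_sha1(sample): "Constructed sample MBR code"}  # recorded from a clean disk
    for image, name in ((sample, "clean"), (simulate_code_change(sample), "code changed")):
        print(name, "->", mbr_verdict(image, baselines))
        for p in parse_partitions(image):
            print("  slot %d offset 0x%x size %d MB bootable=%s"
                  % (p["slot"], p["offset"], p["size"] // 2**20, p["bootable"]))
```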
     
  9. 2010/09/27
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Malwarebytes LOG:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4702

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18828

    9/27/2010 7:54:10 AM
    mbam-log-2010-09-27 (07-54-10).txt

    Scan type: Quick scan
    Objects scanned: 137239
    Time elapsed: 7 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. 2010/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     
  11. 2010/09/29
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    RE: Running Combofix. When I start it, it comes to a point where it warns it has detected McAfee VirusScan. THERE IS NO TRACE OF ANYTHING McAfee on my computer. BUT here is a note I made much earlier about this problem:

    3/24/2010
    McAfee Personal Firewall

    In Vista Security Center when I click on Firewall it shows Windows Firewall and McAfee Personal Firewall both report they are turned on.

    I think McAfee showed up as part of the Junkware trial apps when first I got this Gateway Laptop, but I never installed it. Hate McAfee. In Control Panel under Programs and Features (the new Add/Remove ) I find no instance of anything resembling McAfee. Nor is there any trace of McAfee in Program Files.

    When I press Start Menu and type McAfee in Start Search nothing shows up.

    In effect, for all intents and purposes I find no trace of anything McAfee on my computer. So how can Vista Security Center show McAfee Personal Firewall running simultaneously with Windows Firewall...which, of course, Security Center warns is a potential conflict when 2 firewalls are turned on.

    Is this some sort of bogus glitch, some leftover shadow of the McAfee Personal Firewall trialware once on my computer that somehow planted this “McAfee Firewall turned on” entry in Security Center's Firewall report when in fact McAfee firewall does not exist on my laptop, OR could McAfee Personal Firewall somehow be running surreptitiously in the background without showing its face anywhere it can be accessed and removed?

    Either case, how the blankety-blank deuce can I remove Security Center?

    Finally, will Combofix detecting what is not really there, best I can tell, cause it to act crazy as your explanation of Combofix sensitivities warns...!?
     
  12. 2010/09/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Disregard Combofix warning and run it.
     
  13. 2010/10/01
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Ran Combofix. Here's the report:

    ComboFix 10-10-01.01 - Timothy 10/01/2010 21:09:02.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1981.942 [GMT -5:00]
    Running from: c:\users\Timothy\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: Vista Firewall Control *disabled* {C83D5A86-CCB1-40EB-BD6D-E0BA16353295}
    SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\windows
    D:\Autorun.inf
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
    .

    2010-10-02 02:18 . 2010-10-02 02:18 -------- d-----w- c:\users\Timothy\AppData\Local\temp
    2010-10-02 02:18 . 2010-10-02 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-01 01:52 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll
    2010-09-22 16:48 . 2010-09-22 16:48 -------- d-----w- c:\users\Timothy\AppData\Roaming\Malwarebytes
    2010-09-22 16:48 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-22 16:48 . 2010-09-22 16:48 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-22 16:48 . 2010-09-27 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-22 16:48 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-20 18:44 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-20 18:44 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-20 18:44 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-20 18:44 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-20 18:44 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-20 18:43 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-20 18:43 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-20 18:01 . 2010-09-20 18:01 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-09-20 18:01 . 2010-09-20 18:01 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-09-20 18:01 . 2010-09-20 18:11 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-09-20 18:01 . 2010-09-20 18:01 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-09-20 18:01 . 2010-09-20 18:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-09-20 17:58 . 2010-09-20 17:58 -------- d-----w- c:\program files\AVG
    2010-09-20 17:57 . 2010-09-20 18:09 -------- d-----w- c:\programdata\avg9
    2010-09-20 14:35 . 2010-09-20 14:35 -------- d-----w- c:\program files\VS Revo Group
    2010-09-19 20:03 . 2010-09-19 20:03 -------- d-----w- c:\programdata\Alwil Software
    2010-09-09 00:23 . 2010-09-09 00:23 -------- d-----w- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-01 23:12 . 2008-05-05 22:58 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-10-01 02:45 . 2007-06-15 15:08 -------- d-----w- c:\program files\QuickTime Alternative
    2010-09-28 00:04 . 2007-03-17 00:46 -------- d-----w- c:\program files\Google
    2010-09-24 21:35 . 2008-07-17 17:24 -------- d-----w- c:\users\Timothy\AppData\Roaming\uTorrent
    2010-09-19 20:06 . 2007-06-16 19:34 -------- d-----w- c:\program files\Alwil Software
    2010-09-08 21:54 . 2007-03-17 00:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-21 05:08 . 2010-08-21 05:07 -------- d-----w- c:\program files\IZArc
    2010-08-21 03:14 . 2010-08-21 03:14 -------- d-----w- c:\program files\7-Zip
    2010-08-07 13:13 . 2010-08-07 13:12 -------- d-----w- c:\programdata\PCPitstop
    2010-08-07 13:12 . 2010-08-07 13:12 -------- d-----w- c:\program files\PCPitstop
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "Rainlendar2 "= "c:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "Rainlendar2 "= "c:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Media Codec Update Service "= "c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoThumbnail "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoNotification "= 0 (0x0)
    "HideSCABattery "= 0 (0x0)
    "HideSCANetwork "= 0 (0x0)
    "HideSCAVolume "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-10-15 23:20 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\microsoft shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2009-11-10 16:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
    2009-06-10 20:26 205552 ----a-w- c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    2008-11-15 01:08 83232 ----a-w- c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
    2000-06-18 19:03 106544 ----a-w- c:\windows\System32\TWEAKUI.CPL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3777651122-2117734261-3338017706-1000]
    "EnableNotificationsRef "=dword:00000003
    "EnableNotifications "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3777651122-2117734261-3338017706-500]
    "EnableNotificationsRef "=dword:00000002

    R2 gupdate1c9b096df02f6b;Google Update Service (gupdate1c9b096df02f6b);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 133104]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-04-26 90352]
    S1 aswSP;aswSP; [x]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-20 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-20 243024]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 598960]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 354816]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 17:44]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 17:44]

    2010-10-02 c:\windows\Tasks\User_Feed_Synchronization-{63FCD27C-7927-41DA-BAB8-30F16C6499BD}.job
    - c:\windows\system32\msfeedssync.exe [2009-11-23 03:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3707
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    TCP: {8FED5479-73C3-4831-83DB-F8ECE3F4DA8E} = 68.94.156.1,68.94.157.1
    FF - ProfilePath - c:\users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-VistaFirewallControl - c:\program files\VistaFirewallControl\VistaFirewallControl.exe
    MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    ActiveSetup-ccc-core-static - msiexec
    AddRemove-Belarc Advisor - c:\progra~1\Belarc\Advisor\Uninstall.exe
    AddRemove-TweakUI - c:\windows\rundll32.exe
    AddRemove-Windows Essentials Media Codec Pack - c:\program files\Essentials Codec Pack\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-01 21:18
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,09,77,d3,3c,86,4d,44,99,a7,06,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,09,77,d3,3c,86,4d,44,99,a7,06,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2010-10-01 21:21:39
    ComboFix-quarantined-files.txt 2010-10-02 02:21

    Pre-Run: 63,620,558,848 bytes free
    Post-Run: 63,545,200,640 bytes free

    - - End Of File - - 8FCC542BC33565D3374E3C96C1AF9E98
     
  14. 2010/10/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  15. 2010/10/04
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Have run McAfee Consumer Product Removal Tool & AVG Remover. Also just ran "fresh Combofix." Here's the new Combofix log:

    ComboFix 10-10-04.01 - Timothy 10/04/2010 22:45:57.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1981.1189 [GMT -5:00]
    Running from: c:\users\Timothy\Desktop\ComboFix.exe
    FW: Vista Firewall Control *disabled* {C83D5A86-CCB1-40EB-BD6D-E0BA16353295}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
    .

    2010-10-05 03:54 . 2010-10-05 03:54 -------- d-----w- c:\users\Timothy\AppData\Local\temp
    2010-10-05 03:54 . 2010-10-05 03:54 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-10-05 03:54 . 2010-10-05 03:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-01 01:52 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll
    2010-09-22 16:48 . 2010-09-22 16:48 -------- d-----w- c:\users\Timothy\AppData\Roaming\Malwarebytes
    2010-09-22 16:48 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-22 16:48 . 2010-09-22 16:48 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-22 16:48 . 2010-09-27 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-22 16:48 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-20 18:44 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-20 18:44 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-20 18:44 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-20 18:44 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-20 18:44 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-20 18:43 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-20 18:43 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-20 17:58 . 2010-09-20 17:58 -------- d-----w- c:\program files\AVG
    2010-09-20 17:57 . 2010-09-20 18:09 -------- d-----w- c:\programdata\avg9
    2010-09-20 14:35 . 2010-09-20 14:35 -------- d-----w- c:\program files\VS Revo Group
    2010-09-19 20:03 . 2010-09-19 20:03 -------- d-----w- c:\programdata\Alwil Software
    2010-09-09 00:23 . 2010-09-09 00:23 -------- d-----w- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-02 12:47 . 2007-06-14 03:06 -------- d-----w- c:\users\Timothy\AppData\Roaming\Thunderbird
    2010-10-02 12:47 . 2007-06-14 03:06 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-10-01 23:12 . 2008-05-05 22:58 -------- d-----w- c:\program files\Essentials Codec Pack
    2010-10-01 02:45 . 2007-06-15 15:08 -------- d-----w- c:\program files\QuickTime Alternative
    2010-09-28 00:04 . 2007-03-17 00:46 -------- d-----w- c:\program files\Google
    2010-09-24 21:35 . 2008-07-17 17:24 -------- d-----w- c:\users\Timothy\AppData\Roaming\uTorrent
    2010-09-19 20:06 . 2007-06-16 19:34 -------- d-----w- c:\program files\Alwil Software
    2010-09-08 21:54 . 2007-03-17 00:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-21 05:08 . 2010-08-21 05:07 -------- d-----w- c:\program files\IZArc
    2010-08-21 03:14 . 2010-08-21 03:14 -------- d-----w- c:\program files\7-Zip
    2010-08-07 13:13 . 2010-08-07 13:12 -------- d-----w- c:\programdata\PCPitstop
    2010-08-07 13:12 . 2010-08-07 13:12 -------- d-----w- c:\program files\PCPitstop
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "Rainlendar2 "= "c:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
    "Rainlendar2 "= "c:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Media Codec Update Service "= "c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoThumbnail "= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "TaskbarNoNotification "= 0 (0x0)
    "HideSCABattery "= 0 (0x0)
    "HideSCANetwork "= 0 (0x0)
    "HideSCAVolume "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-10-15 23:20 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\microsoft shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2009-11-10 16:14 443728 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder]
    2009-06-10 20:26 205552 ----a-w- c:\program files\PCPitstop\Optimize3\Reminder-Optimize3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    2008-11-15 01:08 83232 ----a-w- c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
    2000-06-18 19:03 106544 ----a-w- c:\windows\System32\TWEAKUI.CPL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3777651122-2117734261-3338017706-1000]
    "EnableNotificationsRef "=dword:00000003
    "EnableNotifications "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3777651122-2117734261-3338017706-500]
    "EnableNotificationsRef "=dword:00000002

    R2 gupdate1c9b096df02f6b;Google Update Service (gupdate1c9b096df02f6b);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 133104]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-04-26 90352]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe [2007-06-14 598960]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 354816]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 17:44]

    2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 17:44]

    2010-10-05 c:\windows\Tasks\User_Feed_Synchronization-{63FCD27C-7927-41DA-BAB8-30F16C6499BD}.job
    - c:\windows\system32\msfeedssync.exe [2009-11-23 03:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3707
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    TCP: {8FED5479-73C3-4831-83DB-F8ECE3F4DA8E} = 68.94.156.1,68.94.157.1
    FF - ProfilePath - c:\users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
    FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,09,77,d3,3c,86,4d,44,99,a7,06,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,09,77,d3,3c,86,4d,44,99,a7,06,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    Completion time: 2010-10-04 22:57:13
    ComboFix-quarantined-files.txt 2010-10-05 03:57
    ComboFix2.txt 2010-10-02 02:21

    Pre-Run: 63,452,508,160 bytes free
    Post-Run: 63,429,971,968 bytes free

    - - End Of File - - EA39B87DD4F8CDBB3FDE891A48BEBB40
     
  16. 2010/10/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
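    The OTL.txt this step produces uses the fixed line layout seen in the logs posted in this thread. As an added example (not OTL's own code and not anything broni posted), the Python below parses the PRC/MOD/SRV/DRV and O4 Run lines of such a log and flags the entries an analyst normally reads first; the sample log lines and the flagging rules are constructed for illustration.

```python
"""Triage helper for OTL.txt logs: parse the file entries and flag the
ones an analyst usually looks at first. Added example, not part of OTL
or of this thread; the rules and sample lines are illustrative only."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Process/module/service/driver lines as OTL writes them, e.g.
#   DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\...\aswSP.sys -- (aswSP)
#   DRV - File not found [Kernel | On_Demand | Running] -- C:\...\catchme.sys -- (catchme)
FILE_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>.*?)\)|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\).*)?$"
)
# Autostart lines: O4 - HKLM..\Run: [avast5] C:\...\avastUI.exe (AVAST Software)
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^()]*)\)$"
)
# Directories a persistent driver, service or autostart normally has no business in.
TEMP_DIRS = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV, DRV or O4
    path: str
    company: str              # publisher string OTL read from the file; "" if none
    name: Optional[str] = None
    flags: str = ""           # e.g. "Kernel | On_Demand | Running" (hive for O4)
    missing: bool = False     # OTL printed "File not found"
    findings: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file or Run line, None for any other line."""
    m = FILE_ENTRY.match(line.strip())
    if m:
        return Entry(kind=m["kind"], path=m["path"], company=(m["company"] or "").strip(),
                     name=m["name"], flags=m["flags"] or "", missing=m["missing"] is not None)
    m = RUN_ENTRY.match(line.strip())
    if m:
        return Entry(kind="O4", path=m["path"], company=m["company"].strip(),
                     name=m["name"], flags=m["hive"])
    return None


def triage(entry: Entry) -> Entry:
    """Attach the reasons an analyst would look twice at this entry."""
    state = entry.flags.split("|")[-1].strip()   # last flag is Running/Stopped
    if entry.missing:
        if state == "Running":
            entry.findings.append("file not found on disk but reported Running")
        else:
            entry.findings.append("file not found on disk (orphaned entry)")
    elif not entry.company:
        entry.findings.append("no publisher string")
    if TEMP_DIRS.search(entry.path):
        entry.findings.append("loads from a temporary directory")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every recognised line of an OTL log and return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and triage(entry).findings:
            flagged.append(entry)
    return flagged


# Constructed sample, assembled from lines of the kind this thread's OTL log shows.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2010/10/05 07:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
PRC - [2007/06/14 03:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Timothy\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_OTL):
        print(f"{e.kind} {e.path}\n    " + "; ".join(e.findings))
```

    Flagged entries are leads for a person to check, not verdicts: catchme.sys, for instance, is the rootkit-scanner driver that GMER and ComboFix load from Temp, so that hit is expected on a machine where ComboFix has just run.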
     
  17. 2010/10/05
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    Under the Custom Scan box paste this in:

    Just to be sure I understand — paste in ALL of this long string of entries in red typeface preceded by the % symbol?
     
  18. 2010/10/05
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    I just ran OTL by clicking on it and choosing "Run Scan" rather than "Quick Scan." I did run "Quick Scan" under the Custom Scan box, pasting in the list of % files as you told me. I just tried copying in and sending you both OTL.txt and Extras.txt files in this Quick Reply box. Quick Reply could not accept both or either of them. Instead I got a "Please follow our Posting Rules" notice saying they were too many characters, too large.

    What should I do?
     
  19. 2010/10/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have to split the logs between a couple of replies.
     
  20. 2010/10/06
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    OTL log part 1
    OTL logfile created on: 10/5/2010 4:27:42 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Timothy\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18828)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.29 Gb Total Space | 59.36 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
    Drive D: | 9.76 Gb Total Space | 3.29 Gb Free Space | 33.74% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 232.88 Gb Total Space | 11.74 Gb Free Space | 5.04% Space Free | Partition Type: NTFS
    Drive G: | 1.87 Gb Total Space | 1.61 Gb Free Space | 85.99% Space Free | Partition Type: FAT
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TIMOTHY-PC
    Current User Name: Timothy
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/10/05 07:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
    PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2009/03/02 21:38:13 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
    PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/06/14 03:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
    PRC - [2007/04/15 01:31:34 | 001,291,264 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
    PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/05 07:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
    MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2009/04/26 14:29:24 | 000,090,352 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2008/10/15 18:20:08 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/06/14 03:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
    SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Timothy\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 09:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2007/03/12 17:49:30 | 000,354,816 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
    DRV - [2007/01/26 03:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2007/01/02 19:44:30 | 000,649,216 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/17 17:22:02 | 000,181,176 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:36:49 | 000,108,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT3707

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/12 20:48:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2010/02/05 13:18:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/30 21:45:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/30 21:45:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/02 07:47:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/10/02 07:47:58 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions
    [2010/10/02 07:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/04/29 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\6revo64t.ReDo 01\extensions
    [2010/04/29 20:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\6revo64t.ReDo 01\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/04 16:51:42 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions
    [2010/05/18 21:07:01 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2010/08/27 17:45:12 | 000,000,000 | ---D | M] (deskCut) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
    [2009/08/02 23:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
    [2009/11/19 00:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/08/27 17:45:13 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/06/18 03:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2009/08/02 22:18:13 | 000,000,000 | ---D | M] (Aeon) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
    [2010/09/29 08:26:02 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\autofillForms@blueimp.net
    [2010/01/21 20:10:50 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\taboo@runningfrombears.com
    [2010/07/31 18:06:47 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\bknhjd23.Tim's Profile\extensions\YoutubeDownloader@PeterOlayev.com
    [2010/05/08 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions
    [2010/04/30 01:33:54 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2010/04/29 14:43:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/05/01 15:31:40 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
    [2010/05/01 15:31:32 | 000,000,000 | ---D | M] (deskCut) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
    [2009/07/28 00:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
    [2010/04/30 01:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/05/01 15:31:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/05/01 15:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2009/07/27 22:00:46 | 000,000,000 | ---D | M] (Aeon) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
    [2009/07/28 00:43:06 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\autofillForms@blueimp.net
    [2010/05/01 15:31:42 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\taboo@runningfrombears.com
    [2010/04/29 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\lgfmn6ec.Tim User\extensions\YoutubeDownloader@PeterOlayev.com
    [2010/04/29 19:44:33 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\zx39zvl4.User2010_4_29\extensions
    [2008/11/26 23:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/01 15:37:05 | 000,005,961 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\The Free Dictionary.xml

    O1 HOSTS File: ([2010/10/01 21:18:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (iFinger plugin / Browser helper object) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Program Files\iFinger\plugins\IE.ifp (iFinger Ltd)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
    O4 - HKLM..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
    O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
    O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
    O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Timothy\Pictures\My Pictures\Haylee Portrait redEye fixed 04.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Timothy\Pictures\My Pictures\Haylee Portrait redEye fixed 04.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
     
  21. 2010/10/06
    tvjohns

    tvjohns Inactive Thread Starter

    Joined:
    2003/02/02
    Messages:
    120
    Likes Received:
    0
    OTL Log Part 2
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/05 07:43:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
    [2010/10/04 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\temp
    [2010/10/04 22:55:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/04 22:41:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/01 21:06:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/01 21:06:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/01 21:06:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/09/30 20:25:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2010/09/29 21:42:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/29 21:40:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/22 11:48:42 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Malwarebytes
    [2010/09/22 11:48:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/09/22 11:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/22 11:48:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/09/22 11:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/20 13:44:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/09/20 13:44:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/09/20 13:44:08 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/09/20 13:44:05 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/09/20 13:44:04 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/09/20 13:43:44 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/20 13:43:43 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/09/20 12:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/09/20 12:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2010/09/20 09:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2010/09/19 15:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/09/18 18:08:25 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Desktop\MikeStuff
    [2010/09/08 19:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/08/29 23:30:41 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AbiSuite
    [2010/08/21 00:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\IZArc
    [2010/08/20 22:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/08/07 08:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
    [2010/08/07 08:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
    [2010/07/16 11:55:24 | 000,000,000 | R--D | C] -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\MY STUFF
    [2010/07/09 11:32:47 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\QPPriv
    [2007/05/17 04:11:04 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdkpmui.dll
    [2007/05/17 04:08:00 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdkserv.dll
    [2007/05/17 04:03:04 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdkinpa.dll
    [2007/05/17 04:02:58 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdklmpm.dll
    [2007/05/17 04:02:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdkcomm.dll
    [2007/05/17 04:01:22 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdkhbn3.dll
    [2007/05/17 04:00:42 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdkusb1.dll
    [2007/05/17 04:00:30 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdkcomc.dll
    [2007/05/17 03:59:12 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdkprox.dll
    [2007/05/17 03:57:02 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdkiesc.dll
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/05 16:30:45 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63FCD27C-7927-41DA-BAB8-30F16C6499BD}.job
    [2010/10/05 16:21:18 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/05 16:21:18 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/05 16:20:39 | 004,194,304 | -HS- | M] () -- C:\Users\Timothy\ntuser.dat
    [2010/10/05 15:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/05 14:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/05 07:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
    [2010/10/04 23:01:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/10/04 22:54:18 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/10/04 22:40:55 | 003,861,166 | R--- | M] () -- C:\Users\Timothy\Desktop\ComboFix.exe
    [2010/10/04 22:34:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/04 22:34:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/10/04 22:32:30 | 000,524,288 | -HS- | M] () -- C:\Users\Timothy\ntuser.dat{7fe1bafb-5a43-11de-b8ef-0003254566a1}.TMContainer00000000000000000001.regtrans-ms
    [2010/10/04 22:32:30 | 000,065,536 | -HS- | M] () -- C:\Users\Timothy\ntuser.dat{7fe1bafb-5a43-11de-b8ef-0003254566a1}.TM.blf
    [2010/10/04 22:32:05 | 004,116,071 | -H-- | M] () -- C:\Users\Timothy\AppData\Local\IconCache.db
    [2010/10/01 22:05:43 | 000,000,945 | ---- | M] () -- C:\Users\Timothy\Desktop\# Malware and Virus Removal Forum.lnk
    [2010/10/01 21:18:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/09/30 21:45:07 | 000,001,130 | ---- | M] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
    [2010/09/27 07:42:07 | 000,000,842 | ---- | M] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/09/22 15:59:16 | 257,026,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/09/22 10:44:44 | 000,000,548 | ---- | M] () -- C:\Users\Timothy\Desktop\COMPAQ ANTI-MALWARE APPS.lnk
    [2010/09/20 13:44:12 | 000,001,840 | ---- | M] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk
    [2010/09/20 13:44:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/09/20 12:20:07 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/20 12:20:07 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/20 12:20:07 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/16 22:49:13 | 000,171,520 | ---- | M] () -- C:\Users\Timothy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/10 08:19:18 | 000,000,885 | ---- | M] () -- C:\Users\Timothy\Desktop\Frank Frye PDFs.lnk
    [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/07 10:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/09/07 09:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/09/04 20:33:36 | 000,001,164 | ---- | M] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\MY ESSENTIAL APPS.lnk
    [2010/08/21 00:07:33 | 000,001,638 | ---- | M] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\IZArc.lnk
    [2010/08/07 08:12:50 | 000,001,790 | ---- | M] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Pitstop Optimize3.lnk
    [2010/07/27 08:10:33 | 004,374,684 | ---- | M] () -- C:\Users\Timothy\Desktop\OldBarns1.wmv
    [2010/07/07 21:08:29 | 000,000,854 | ---- | M] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\TINY TIMER.lnk
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/01 22:05:43 | 000,000,945 | ---- | C] () -- C:\Users\Timothy\Desktop\# Malware and Virus Removal Forum.lnk
    [2010/10/01 21:06:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/01 21:06:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/01 21:06:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/01 21:06:11 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/01 21:06:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/09/30 20:52:45 | 000,001,130 | ---- | C] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
    [2010/09/27 08:10:07 | 003,861,166 | R--- | C] () -- C:\Users\Timothy\Desktop\ComboFix.exe
    [2010/09/22 12:33:19 | 257,026,561 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/09/22 11:48:23 | 000,000,842 | ---- | C] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/09/22 10:44:44 | 000,000,548 | ---- | C] () -- C:\Users\Timothy\Desktop\COMPAQ ANTI-MALWARE APPS.lnk
    [2010/09/20 13:44:12 | 000,001,840 | ---- | C] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk
    [2010/09/10 08:19:18 | 000,000,885 | ---- | C] () -- C:\Users\Timothy\Desktop\Frank Frye PDFs.lnk
    [2010/08/21 00:07:33 | 000,001,638 | ---- | C] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\IZArc.lnk
    [2010/08/07 08:12:50 | 000,001,790 | ---- | C] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Pitstop Optimize3.lnk
    [2010/07/28 16:45:59 | 000,001,910 | ---- | C] () -- C:\Users\Timothy\Desktop\0 0 0 0 Solitaire.lnk
    [2010/07/27 08:10:41 | 004,374,684 | ---- | C] () -- C:\Users\Timothy\Desktop\OldBarns1.wmv
    [2010/07/07 21:08:29 | 000,000,854 | ---- | C] () -- C:\Users\Timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\TINY TIMER.lnk
    [2010/03/04 01:43:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/02/22 11:20:01 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT09.ini
    [2010/02/05 18:17:49 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BEBBD2573B.sys
    [2010/02/05 13:25:19 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/12/26 15:25:01 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
    [2009/12/07 13:19:41 | 000,000,680 | ---- | C] () -- C:\Users\Timothy\AppData\Local\d3d9caps.dat
    [2009/08/12 21:56:59 | 000,000,047 | ---- | C] () -- C:\Windows\WinInit.Ini
    [2009/08/12 20:15:31 | 000,000,781 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/02/28 12:34:24 | 000,000,057 | ---- | C] () -- C:\Windows\TaxACT08.ini
    [2008/11/11 01:07:54 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2008/09/22 17:11:29 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
    [2008/07/31 15:49:02 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
    [2008/07/26 20:12:13 | 000,010,852 | ---- | C] () -- C:\ProgramData\lxdk
    [2008/07/16 23:05:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2008/07/16 22:02:34 | 000,000,044 | ---- | C] () -- C:\Windows\EPR220.ini
    [2008/07/15 20:22:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdkoem.dll
    [2007/08/04 16:11:49 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2007/08/04 16:11:46 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/08/04 16:11:46 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2007/08/04 16:11:45 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2007/08/04 16:11:42 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2007/08/04 16:11:42 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2007/06/28 16:45:58 | 000,087,808 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
    [2007/06/16 13:57:53 | 000,023,888 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\UserTile.png
    [2007/06/08 10:11:59 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/06/07 15:51:57 | 000,000,094 | ---- | C] () -- C:\Users\Timothy\AppData\Roaming\wklnhst.dat
    [2007/06/07 15:13:14 | 000,171,520 | ---- | C] () -- C:\Users\Timothy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/06/05 22:25:46 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdkgrd.dll
    [2007/05/03 05:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdkcoin.dll
    [2007/03/16 19:59:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/07/31 15:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdkvs.dll
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2008/07/25 09:34:59 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\5300 Series
    [2008/07/25 21:05:07 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Ashampoo
    [2007/06/19 11:01:59 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Bret Taylor
    [2008/12/02 00:04:23 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Bullzip
    [2009/07/08 23:48:19 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\FileZilla
    [2008/09/02 19:09:48 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\GetRightToGo
    [2007/06/19 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\IrfanView
    [2009/08/04 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\KompoZer
    [2008/08/04 13:26:37 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Leadertech
    [2009/06/26 20:25:10 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Lexmark Productivity Studio
    [2007/06/07 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\SampleView
    [2009/07/10 20:48:16 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Serif
    [2008/05/21 23:43:39 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\stickies
    [2008/04/04 23:37:55 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\SumatraPDF
    [2007/06/07 15:52:36 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Template
    [2010/10/02 07:47:57 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Thunderbird
    [2010/09/24 16:35:47 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\uTorrent
    [2009/12/07 00:17:04 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\WildTangent
    [2010/10/04 22:32:07 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/10/05 16:30:45 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{63FCD27C-7927-41DA-BAB8-30F16C6499BD}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/19 02:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2006/06/11 19:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/10/04 22:57:13 | 000,011,667 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/04/19 16:04:43 | 000,000,311 | ---- | M] () -- C:\faxend.log
    [2009/04/19 16:04:43 | 000,000,162 | ---- | M] () -- C:\faxendPdoc.log
    [2009/04/19 16:04:42 | 000,000,248 | ---- | M] () -- C:\faxfile.log
    [2007/06/12 15:42:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/06/12 15:42:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/04 22:33:31 | 2392,211,456 | -HS- | M] () -- C:\pagefile.sys
    [2007/03/16 19:45:40 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2007/11/18 11:38:44 | 000,000,138 | ---- | M] () -- C:\Quick Restore Point.vbs

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/10/28 12:49:30 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp696.dll
    [2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/06/26 23:01:44 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/05/22 20:27:36 | 000,000,612 | -HS- | M] () -- C:\Users\Timothy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/04 22:40:55 | 003,861,166 | R--- | M] () -- C:\Users\Timothy\Desktop\ComboFix.exe
    [2010/10/05 07:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/06/26 23:00:17 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/06/26 22:59:47 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/06/26 22:59:46 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/06/26 22:59:47 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/06/26 22:59:46 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/06/26 22:59:47 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/09 11:36:48 | 000,000,540 | ---- | M] () -- C:\Users\Timothy\Favorites\0 0 My Library.lnk
    [2010/09/09 11:36:48 | 000,000,825 | ---- | M] () -- C:\Users\Timothy\Favorites\CHURCH.LNK
    [2010/09/09 11:36:48 | 000,000,104 | ---- | M] () -- C:\Users\Timothy\Favorites\Computer.LNK
    [2007/09/01 12:21:29 | 000,000,402 | -HS- | M] () -- C:\Users\Timothy\Favorites\desktop.ini
    [2010/09/09 11:36:48 | 000,000,406 | ---- | M] () -- C:\Users\Timothy\Favorites\DOWNLOADS.LNK
    [2010/09/09 11:36:48 | 000,000,812 | ---- | M] () -- C:\Users\Timothy\Favorites\FORMS.LNK
    [2010/09/09 11:36:48 | 000,000,759 | ---- | M] () -- C:\Users\Timothy\Favorites\GATEWAY OEM PDF USER MANUALS.lnk
    [2010/09/09 11:36:48 | 000,000,986 | ---- | M] () -- C:\Users\Timothy\Favorites\J.R.R. Tolkien.LNK
    [2010/09/09 11:36:48 | 000,000,377 | ---- | M] () -- C:\Users\Timothy\Favorites\SAVE.lnk
    [2010/09/09 11:36:48 | 000,134,144 | ---- | M] () -- C:\Users\Timothy\Favorites\Schedule October 2008.doc
    [2010/09/09 11:36:48 | 000,130,560 | ---- | M] () -- C:\Users\Timothy\Favorites\Schedule September 2008.doc
    [2010/09/09 11:36:48 | 000,000,722 | ---- | M] () -- C:\Users\Timothy\Favorites\STOREHOUSE.LNK
    [2010/09/09 11:36:48 | 000,000,284 | ---- | M] () -- C:\Users\Timothy\Favorites\WD Backup (F).LNK
    [2010/09/09 11:36:48 | 000,000,830 | ---- | M] () -- C:\Users\Timothy\Favorites\WRITING.LNK

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/02/05 18:17:49 | 000,000,008 | RHS- | M] () -- C:\ProgramData\BEBBD2573B.sys
    [2009/08/12 20:58:29 | 000,000,781 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/06/22 10:09:09 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/08/04 08:40:52 | 000,010,852 | ---- | M] () -- C:\ProgramData\lxdk
    [2010/10/04 23:01:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-23 02:59:30

    < End of report >
     
