
Active IExplorer Button Not Functioning...

Discussion in 'Malware and Virus Removal Archive' started by CALBEAR, 2010/12/28.

  1. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    [Active] IExplorer Button Not Functioning...

    HP Pavilion dv-4 Notebook/Windows Vista Home 64-bit/Intel Core 2 Duo/2 GHz/4GB RAM/HD 320GB/COMODO Firewall

    Hello...I apologize in advance for my ignorance. I'm not sure what is happening, but it started with an inability to access the internet via the IExplorer button. I am able to navigate the internet via previously open windows, but have been afraid to shut down and reboot for fear that I would not be able to access the internet after the reboot.

    I have downloaded ad-aware/avast/SUPERAntiSpyware, but they will not execute/run when I click on them. In addition, I am not able to access my Control Panel, it will not open when I click on it. Can not open the task manager either; can not download any windows updates.

    I downloaded "tdsskiller" and it will not open/run...I'm not sure what to do from here?? Any help will be greatly appreciated!
     
    Last edited: 2010/12/28
  2. 2010/12/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Hi and welcome to WindowsBBS forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please paste the logs, do not attach them.
     


  4. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    Hello...I am able to download these programs to my folders, but most will not run. I am not able to run a MBAM or tdsskiller. dds just gives a black screen...MBR prints a log but I am not able to open it on my desktop? (I have typed it below). I have tried to run them remotely and download and run, but no luck. I tried to create a rescue disk via Avira, but was not able to do this either...It said "I did not have permission to Save to my Drive"? Also tried to run a HijackThis log without success.

    MBR:
    Size Device Name MBR Status
    298 GB \\.\Physical Drive 0 Unknown MBR Code
    SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C

    Found non-Standard or infected MBR

    OPTIONS:
    [1] Dump the MBR of a physical disk to file
    [2] Restore the MBR of a physical disk with a standard boot code
    [3] Exit.
     
    Last edited: 2010/12/28
  5. 2010/12/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Try this please:

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    ==============

    Have you tried those tools in safe mode?
     
  6. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    Hello Crunchie...No, I have not tried in Safe mode. I have been afraid to shut down as I am not able to access the Iexplorer to access the internet. Am afraid I will not be able to log back on. I need to use the computer for some business and do not have another computer available. Currently I am accessing various websites through windows that I had previously opened, prior to the problem. If I close all these windows, I will not have internet capabilities; and not be able to contact you... Is there a way to access the internet other than the Iexplorer button? I can not access my "Control Panel" or "Programs" When I click on them, the windows wheel starts spinning next to the arrow cursor, but nothing happens.

    I tried to run a Safety scan from the Windows Live Onecare website to determine if I had a virus, and identify it; but this was not successful. I got to a point in the download: "OneCare Safety Scanner" and the process stopped at: "Status: Downloading Scanning Tools"...Process stopped at this point. Also tried to run Panda Active Scan 2.0, but got the following message while downloading: "We're sorry. The download could not be completed due to an error. Please try again."

    I am nervous about possibly having the "Sality" trojan, as I have similar problems to the person that posted on this forum about it..Broni posted it as incurable; and I would not be capable of fixing it, because I was not able to understand the whole process as outlined by Broni.

    I downloaded NTBR but could not get it to run. Sorry, I'm not very knowledgeable in this area. Thanks for your time and help so far...
     
    Last edited: 2010/12/28
  7. 2010/12/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Try this;

    Please right click on hijackthis.exe and select Rename. Change the name to analysethis and hit the Enter key.
    Re-run Hijackthis and save the log and post it back here.
     
  8. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    Thanks Crunchie...But no luck. Re-Named and tried to run but no go.
     
  9. 2010/12/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Try changing the extension to .com and try again.
     
  10. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    Changed and still not responding. I tried to "Run As Administrator"/"Open"/and double clicking the icon...None worked. Just got the spinning wheel above the arrow cursor for a few seconds...then it stops, with nothing opening.
     
  11. 2010/12/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Open Internet Explorer and go to Tools > Internet Options and then go to the connections Tab and then Lan Settings. Place a tick in the Automatically detect settings box and hit OK.
    Go to the Advanced Tab and hit the reset button and apply and OK out.
    Are you able to access web sites with new IE Tabs/Windows now?
     
  12. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    When I opened the tab and changed to Automatically detect settings...I got the following alert from COMODO Firewall: rundll32.exe is trying to execute comctl32.dll. Comctl32.dll could not be recognized.

    When I hit the reset button a box opened and told me to close all my open windows...If I do this I may have no internet access as I will be unable to open Iexplorer. I need to have the internet for a few more hours to complete some correspondence.

    In addition, if I am not able to access the net I will be unable to communicate with you, as I have no back up computer and live in a rural area without a library or other method of obtaining a computer or internet access. Sorry, I know you are trying to help me, to help you, figure this out...LOL!
     
  13. 2010/12/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    How about you finish what you need to do and then we will carry on :)
     
  14. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    :D Feel relieved...After I finish up, I will make the changes in internet options, and "Hopefully" be able to post the results.;)
     
  15. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    Hey Crunchie...So I was NOT able to do the reset in Internet Options. So I decided to shut down and reboot. Was unable to do the standard shut down so had to just push the off button. Took me five or six attempts to log back on, but finally made it. Hit F8 to enter Safe Mode and was able to run the processes you requested. Here are the results:

    1-MalwareBytes Log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 8.0.6001.18975

    12/29/2010 12:13:47 AM
    mbam-log-2010-12-29 (00-13-47).txt

    Scan type: Quick scan
    Objects scanned: 154804
    Time elapsed: 2 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avSofT (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AVSuitE (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avSofT (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AVSuitE (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    2-GMER
    Unable to Run this, was tried in Safe mode.
    Error Message: GMER.exe is not a valid WIN32 application.


    3-MBRCheck Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Compal
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv4 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 164):

    Processes (total 24):
    0 System Idle Process
    4 System
    496 C:\Windows\System32\smss.exe
    556 csrss.exe
    592 csrss.exe
    600 C:\Windows\System32\wininit.exe
    636 C:\Windows\System32\winlogon.exe
    676 C:\Windows\System32\services.exe
    688 C:\Windows\System32\lsass.exe
    696 C:\Windows\System32\lsm.exe
    844 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    312 C:\Windows\System32\svchost.exe
    384 C:\Windows\System32\svchost.exe
    416 C:\Windows\System32\svchost.exe
    512 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\svchost.exe
    1436 C:\Windows\explorer.exe
    884 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1136 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1460 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1468 C:\Users\BIG T\Desktop\New Folder\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`c2900000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:
    Done!

    4-DDS Logs
    ...Continued Next Page
     
    Last edited: 2010/12/28
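
What a verdict such as "Unknown MBR code" in the MBRCheck log above amounts to, shown as an added example that is not part of the thread and is not MBRCheck's own code: it parses a 512-byte MBR dump (such as option [1] writes to file), hashes the boot-code area and compares the hash with an allowlist. The 440-byte hash range, the allowlist, the placeholder boot code and the sample sector are assumptions constructed for illustration; only the two partition byte offsets are taken from the log.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: only the boot-code area (bytes 0..439) is hashed
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the disk signature
BOOT_SIG = b"\x55\xaa"   # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR dump into boot-code hash, signature flag and partitions."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0x00:  # empty slot
            continue
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "byte_offset": lba * SECTOR,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def assess(sector: bytes, known_good: set) -> dict:
    """Classify the boot code against an allowlist of SHA-1 hashes."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        info["status"] = "Invalid boot signature"
    elif info["code_sha1"] in known_good:
        info["status"] = "Known boot code"
    else:
        info["status"] = "Unknown boot code"
    return info


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: two NTFS partitions at the offsets shown in the log."""
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    layout = [
        (0x80, 0x07, 63, 0x23E14800 - 63),      # C: at byte offset 0x7e00
        (0x00, 0x07, 0x23E14800, 23_000_000),   # D: at 0x47c2900000 (size is made up)
    ]
    for slot, (status, ptype, lba, count) in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * slot,
                         status, ptype, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Placeholder "standard" boot code, constructed here; not real Microsoft boot code.
STANDARD_CODE = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper()}

if __name__ == "__main__":
    clean = build_sample(STANDARD_CODE)
    modified = bytearray(clean)
    modified[0x20] ^= 0xFF  # a single changed byte in the boot code
    for label, dump in (("clean", clean), ("modified", bytes(modified))):
        result = assess(dump, KNOWN_GOOD)
        print(label, result["status"], "SHA1:", result["code_sha1"])
        for part in result["partitions"]:
            print("  slot", part["slot"], "type", hex(part["type"]),
                  "offset", hex(part["byte_offset"]))
```

Because the hash covers only the boot code, rewriting that area leaves the partition table and disk signature untouched, which is why the partition offsets should read the same before and after a repair.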
  16. 2010/12/28
    CALBEAR

    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    4-DDS Logs

    1...DDS.TXT LOG

    DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
    Run by BIG T at 0:36:47.37 on Wed 12/29/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4059.3277 [GMT -5:00]

    AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\BIG T\Desktop\New Folder\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = Preserve
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0 "
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe "
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe "
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\Users\BIGT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NIKONM~1.LNK - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 1 (0x1)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe "
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    mRun-x64: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    mRun-x64: [EmsService] EmsServiceHelper.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    AppInit_DLLs-X64: C:\Windows\system32\guard64.dll

    ============= SERVICES / DRIVERS ===============

    R0 CmgShieldCEF;CmgShieldCEF;C:\Windows\System32\drivers\CMGShCEF.sys [2009-7-31 338544]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2008-10-31 27152]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
    S1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [2008-10-31 89680]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2008-10-31 89104]
    S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [2009-3-2 89600]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2008-10-31 22096]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2008-10-31 65616]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-10-31 138680]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
    S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
    S2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-6-25 361808]
    S2 sprtlisten;SupportSoft Listener Service;C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-10-26 24652]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-10-31 254040]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-10-31 352920]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-6-25 193840]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-6-4 129536]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-17 143248]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 PTDLBus;PANTECH UM175AL Composite Device Driver;C:\Windows\System32\drivers\PTDLBus.sys [2008-10-26 66304]
    S3 PTDLMdm;PANTECH UM175AL Drivers;C:\Windows\System32\drivers\PTDLMdm.sys [2008-10-26 70784]
    S3 PTDLVsp;PANTECH UM175AL Diagnostic Port;C:\Windows\System32\drivers\PTDLVsp.sys [2008-10-26 66688]
    S3 PTDLWWAN;PANTECH UM175AL WWAN Driver;C:\Windows\System32\drivers\PTDLWWAN.sys [2008-10-26 84480]
    S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2008-10-9 5120]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN

    v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-9 93184]

    =============== File Associations ===============

    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-12-29 05:03:58 -------- d-----w- C:\Users\BIGT~1

    \AppData\Roaming\Malwarebytes
    2010-12-29 05:03:19 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-29 05:03:18 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-29 05:03:15 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-29 05:03:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes'

    Anti-Malware
    2010-12-20 04:33:13 -------- d-----w- C:\Users\BIGT~1

    \AppData\Roaming\iScreensaver
    2010-12-20 04:31:59 36352 ---ha-w- C:\Users\BIGT~1

    \AppData\Roaming\MBSFolderitemsPlugin3542.dll
    2010-12-20 04:31:58 48640 ---ha-w- C:\Users\BIGT~1

    \AppData\Roaming\MBSResPlugin3542.dll
    2010-12-20 04:31:58 30720 ---ha-w- C:\Users\BIGT~1

    \AppData\Roaming\MBSMemoryPlugin3542.dll
    2010-12-20 04:31:57 44032 ---ha-w- C:\Users\BIGT~1

    \AppData\Roaming\MBSMainPlugin3542.dll
    2010-12-20 04:31:55 25600 ---ha-w- C:\Users\BIGT~1

    \AppData\Roaming\MBSVersionPlugin3581.dll
    2010-12-07 21:19:59 316416 ----a-w- C:\Windows\System32\msshsq.dll
    2010-12-07 21:19:59 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
    2010-12-07 20:51:27 267776 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-12-07 20:50:22 2751488 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-07 20:50:12 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-12-07 20:50:11 179712 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-12-07 20:50:11 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-12-07 20:50:11 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-12-07 20:50:10 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-12-07 20:50:10 12288 ----a-w- C:\Windows\System32\sscore.dll
    2010-12-07 20:50:09 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
    2010-12-07 20:50:09 17920 ----a-w- C:\Windows\System32\netevent.dll
    2010-12-07 20:49:25 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
    2010-12-07 20:49:24 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
    2010-12-07 20:49:23 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
    2010-12-07 20:49:22 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
    2010-12-07 20:49:17 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2010-12-07 20:49:17 2409784 ----a-w- C:\Program Files (x86)\Windows

    Mail\OESpamFilter.dat
    2010-12-07 20:47:55 171008 ----a-w- C:\Program Files\Windows Media

    Player\wmplayer.exe
    2010-12-07 20:47:54 168960 ----a-w- C:\Program Files (x86)\Windows Media

    Player\wmplayer.exe
    2010-12-07 20:47:35 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-12-07 20:47:28 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-12-07 20:46:35 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-12-07 20:46:35 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-12-07 20:44:37 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-12-07 20:44:37 7680 ----a-w- C:\Program Files (x86)\Internet

    Explorer\iecompat.dll
    2010-12-07 20:44:35 975360 ----a-w- C:\Windows\System32\inetcomm.dll
    2010-12-07 20:44:34 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2010-12-07 20:44:28 317952 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
    2010-12-07 20:44:27 295424 ----a-w- C:\Windows\System32\MP4SDECD.DLL
    2010-12-07 20:33:49 343040 ----a-w- C:\Windows\System32\schannel.dll
    2010-12-07 20:33:49 274432 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-12-07 20:30:21 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-12-07 20:30:21 1090048 ----a-w- C:\Windows\System32\wmpmde.dll

    ==================== Find3M ====================


    ============= FINISH: 0:37:42.81 ===============


    2...ATTACH.TXT LOG


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/8/2008 6:03:30 AM
    System Uptime: 12/28/2010 11:48:28 PM (1 hours ago)

    Motherboard: Compal | | 30F7
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | CPU | 2261/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 287 GiB total, 253.238 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.851 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Actiontec Gateway
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Amazon MP3 Downloader 1.0.10
    ArcSoft Panorama Maker 4
    avast! Antivirus
    Brother HL-2040
    Cards_Calendar_OrderGift_DoMorePlugout
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink YouCam
    FanDraft Football v10.19(c)
    FanDraft Football v9.26
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Help and Support
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.40 D3
    HP QuickPlay 3.7
    HP RC Mirror Driver
    HP Total Care Advisor
    HP Update
    HP User Guides 0101
    HP Wireless Assistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    HPTCSSetup
    IDT Audio
    Java(TM) 6 Update 5
    JMicron JMB38X Flash Media Controller
    LabelPrint
    LightScribe System Software 1.12.33.2
    Malwarebytes' Anti-Malware
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    Nikon Message Center
    Nikon Transfer
    Power2Go
    PowerDirector
    PSSWCORE
    QuickConnect
    QuickTime
    Qwest QuickAssist Desktop Tools
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    SmartWebPrinting
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB934528)
    VideoToolkit01
    Viewpoint Media Player
    vShare Plugin
    Windows Live OneCare safety scanner

    ==== Event Viewer Messages From Past Week ========

    12/28/2010 11:50:29 PM, Error: Service Control Manager [7026] - The following boot-start or

    system-start driver(s) failed to load: aswSP cmdGuard spldr Wanarpv6
    12/28/2010 11:50:29 PM, Error: Service Control Manager [7001] - The Computer Browser service

    depends on the Server service which failed to start because of the following error: The

    dependency service or group failed to start.
    12/28/2010 11:49:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

    attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D

    -F52A-11D8-B9A5-505054503030}
    12/28/2010 11:49:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

    attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F

    -AC08-4F1F-BEB7-5C22C517CE39}
    12/28/2010 11:49:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

    attempting to start the service EventSystem with arguments " " in order to run the server:

    {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/28/2010 11:49:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

    attempting to start the service ShellHWDetection with arguments " " in order to run the server:

    {DD522ACC-F821-461A-A407-50B198B896DC}
    12/28/2010 11:49:02 PM, Error: EventLog [6008] - The previous system shutdown at 11:45:54 PM on

    12/28/2010 was unexpected.
    12/25/2010 9:00:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds)

    was reached while waiting for a transaction response from the AudioSrv service.

    ==== End Of File ===========================
     
  17. 2010/12/28
    CALBEAR

    5-HiJackThis LOG

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:53:19 AM, on 12/29/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Users\BIG T\Desktop\New Folder\analysethis.com.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0 "
    O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Nikon Monitor.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: EMS - Unknown owner - EMSService.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
    O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (file missing)
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11293 bytes
     
    Last edited: 2010/12/29
  18. 2010/12/28
    crunchie

    We can fix the corrupt MBR, but because it is a laptop you may lose the option to return the laptop to its original state.
    Let me know if you want to go ahead.

    Also, please uncheck wordwrap in notepad when saving those logs. They are difficult to read as posted.

    ==

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2010/12/29
    CALBEAR

    Not sure what you mean by "...may lose the option to return the laptop to its original state." Does this mean I will lose information? What could/will change? What happens if we do not fix the corrupt MBR?

    Should I do the OTL either way?

    Thanks and sorry about the word wrap...I was wondering how you read through all those logs:eek:
     
  20. 2010/12/29
    crunchie

    Laptops come with two partitions. 1 with the Windows OS on it and the other with the facility to return the 1st partition back to its original state.
    When the MBR is re-written (to fix the corruption), it is likely that the 2nd partition will be lost.
    The MBR needs to be fixed as that is one of the causes of your problems.

    Please run OTL anyway.
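
The concern in the post above can be checked on a saved copy of sector 0. The following is an added example, not part of the thread and not a tool used in it: it parses a 512-byte MBR image and reports whether the boot code and the partition entries differ before and after a rewrite. The sample sectors are constructed (sizes chosen to resemble the C: and D: volumes in the logs), and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440          # bytes 0..439: boot code, the part an MBR repair rewrites
SIG_OFFSET = 440        # bytes 440..443: Windows disk signature
TABLE_OFFSET = 446      # four 16-byte partition entries start here
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Small subset of partition type IDs, enough to label common entries.
TYPE_NAMES = {
    0x05: "Extended (CHS)", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> dict:
    """Split a sector-0 image into boot-code hash, disk signature and entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + slot * ENTRY_SIZE
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, count
        status, ptype, first_lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_SIZE])
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "sectors": count,
            "size_gib": round(count * SECTOR_SIZE / 2**30, 2),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "disk_signature": sector[SIG_OFFSET:SIG_OFFSET + 4].hex(),
        "partitions": partitions,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report what changed between two sector-0 images of the same disk."""
    old, new = parse_mbr(before), parse_mbr(after)

    def key(p):
        return (p["slot"], p["type"], p["first_lba"], p["sectors"])

    still_present = {key(p) for p in new["partitions"]}
    return {
        "boot_code_changed": old["boot_code_sha256"] != new["boot_code_sha256"],
        "disk_signature_changed": old["disk_signature"] != new["disk_signature"],
        "missing_partitions": [p for p in old["partitions"]
                               if key(p) not in still_present],
    }


def build_sample(boot_code: bytes, entries) -> bytes:
    """Build a constructed sector 0 for the demonstration (not real disk data)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[SIG_OFFSET:SIG_OFFSET + 4] = bytes.fromhex("78563412")
    for slot, (active, ptype, first_lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + slot * ENTRY_SIZE,
                         0x80 if active else 0x00, ptype, first_lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


GIB = 2**30 // SECTOR_SIZE   # sectors per GiB
TWO_PARTITIONS = [(True, 0x07, 2048, 287 * GIB),
                  (False, 0x07, 2048 + 287 * GIB, 11 * GIB)]

# Constructed images: original, rewrite that keeps the table, rewrite that drops slot 1.
SAMPLE_BEFORE = build_sample(b"\xfa" * 16, TWO_PARTITIONS)
SAMPLE_AFTER_CODE_ONLY = build_sample(b"\x33" * 16, TWO_PARTITIONS)
SAMPLE_AFTER_LOST = build_sample(b"\x33" * 16, TWO_PARTITIONS[:1])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_BEFORE)["partitions"]:
        print(p)
    print(compare_mbr(SAMPLE_BEFORE, SAMPLE_AFTER_CODE_ONLY))
    print(compare_mbr(SAMPLE_BEFORE, SAMPLE_AFTER_LOST))
```
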
     
  21. 2010/12/29
    CALBEAR

    OTL.TXT

    OTL logfile created on: 12/29/2010 1:59:45 AM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\BIG T\Desktop\New Folder
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.04 Gb Total Space | 253.21 Gb Free Space | 88.21% Space Free | Partition Type: NTFS
    Drive D: | 11.05 Gb Total Space | 1.85 Gb Free Space | 16.75% Space Free | Partition Type: NTFS

    Computer Name: CALBEAR | User Name: BIG T | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/29 01:19:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\BIG T\Desktop\New Folder\OTL.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/29 01:19:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\BIG T\Desktop\New Folder\OTL.exe
    MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV:64bit: - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV:64bit: - [2009/07/31 09:37:34 | 001,429,352 | ---- | M] () [Unknown | Stopped] -- C:\Windows\SysNative\EmsService.exe -- (EMS)
    SRV:64bit: - [2009/06/03 19:43:18 | 000,239,104 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/10/31 16:10:16 | 000,884,984 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/04/25 18:15:26 | 000,361,808 | ---- | M] () [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
    SRV - [2008/01/08 11:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2009/11/24 17:50:05 | 000,022,096 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/24 17:49:56 | 000,065,616 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2009/07/31 09:42:30 | 000,338,544 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\CMGShCEF.sys -- (CmgShieldCEF)
    DRV:64bit: - [2009/06/03 19:43:18 | 000,486,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
    DRV:64bit: - [2008/11/21 21:05:22 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/11/17 14:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/10/09 09:17:06 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rcmirror.sys -- (rcmirror)
    DRV:64bit: - [2008/07/20 15:31:36 | 000,084,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLWWAN.sys -- (PTDLWWAN)
    DRV:64bit: - [2008/07/20 15:31:34 | 000,066,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLVsp.sys -- (PTDLVsp)
    DRV:64bit: - [2008/07/20 15:31:32 | 000,070,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLMdm.sys -- (PTDLMdm)
    DRV:64bit: - [2008/07/20 15:31:30 | 000,066,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLBus.sys -- (PTDLBus)
    DRV:64bit: - [2008/07/17 11:38:16 | 000,143,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
    DRV:64bit: - [2008/06/12 13:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2008/06/04 12:55:16 | 000,129,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/04/15 05:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/01/31 18:23:14 | 000,195,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
    DRV:64bit: - [2008/01/20 21:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
    DRV:64bit: - [2006/10/06 21:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
    DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 11:42:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/10 12:27:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/10 12:28:17 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
    O4:64bit: - HKLM..\Run: [EmsService] C:\Windows\SysNative\EmsServiceHelper.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\BIG T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll ()
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{257cb6fd-bcb2-11de-aa6a-001eec8b5b86}\Shell\access\command - " " = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
    O33 - MountPoints2\{257cb6fd-bcb2-11de-aa6a-001eec8b5b86}\Shell\AutoRun\command - " " = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
    O33 - MountPoints2\{360f5567-a37e-11dd-8209-001eec8b5b86}\Shell - " " = AutoRun
    O33 - MountPoints2\{360f5567-a37e-11dd-8209-001eec8b5b86}\Shell\AutoRun\command - " " = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{360f5646-a37e-11dd-8209-001eec8b5b86}\Shell - " " = AutoRun
    O33 - MountPoints2\{360f5646-a37e-11dd-8209-001eec8b5b86}\Shell\AutoRun\command - " " = F:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/29 00:03:58 | 000,000,000 | ---D | C] -- C:\Users\BIG T\AppData\Roaming\Malwarebytes
    [2010/12/29 00:03:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/29 00:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/29 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/12/28 08:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2010/12/27 21:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/12/19 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\BIG T\AppData\Roaming\iScreensaver
    [2010/12/07 16:57:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/29 00:05:17 | 000,000,732 | ---- | M] () -- C:\Users\BIG T\AppData\Local\d3d9caps64.dat
    [2010/12/29 00:03:19 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/28 23:53:17 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/28 23:53:17 | 000,603,516 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/28 23:53:17 | 000,103,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/28 23:49:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/28 23:42:28 | 000,000,249 | ---- | M] () -- C:\Windows\Brownie.ini
    [2010/12/28 22:28:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/28 22:28:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/28 20:29:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\QuickConnectSupportTask.job
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/19 23:38:30 | 000,002,329 | ---- | M] () -- C:\Users\BIG T\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/12/19 23:31:59 | 000,048,640 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSResPlugin3542.dll
    [2010/12/19 23:31:59 | 000,036,352 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSFolderitemsPlugin3542.dll
    [2010/12/19 23:31:58 | 000,030,720 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSMemoryPlugin3542.dll
    [2010/12/19 23:31:57 | 000,044,032 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSMainPlugin3542.dll
    [2010/12/19 23:31:55 | 000,025,600 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSVersionPlugin3581.dll
    [2010/12/19 23:31:44 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2010/12/07 17:24:20 | 000,000,260 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/12/07 17:22:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/12/07 16:58:26 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/12/07 16:50:58 | 000,308,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/29 00:05:17 | 000,000,732 | ---- | C] () -- C:\Users\BIG T\AppData\Local\d3d9caps64.dat
    [2010/12/29 00:03:19 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/29 00:03:15 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/19 23:31:59 | 000,036,352 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSFolderitemsPlugin3542.dll
    [2010/12/19 23:31:58 | 000,048,640 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSResPlugin3542.dll
    [2010/12/19 23:31:58 | 000,030,720 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSMemoryPlugin3542.dll
    [2010/12/19 23:31:57 | 000,044,032 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSMainPlugin3542.dll
    [2010/12/19 23:31:55 | 000,025,600 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSVersionPlugin3581.dll
    [2010/12/07 16:57:56 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/12/07 16:19:59 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
    [2010/12/07 15:51:27 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
    [2010/12/07 15:50:22 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
    [2010/12/07 15:50:12 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
    [2010/12/07 15:50:11 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
    [2010/12/07 15:50:11 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2010/12/07 15:50:11 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
    [2010/12/07 15:50:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
    [2010/12/07 15:50:09 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
    [2010/12/07 15:49:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
    [2010/12/07 15:49:22 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
    [2010/12/07 15:48:57 | 009,257,472 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/12/07 15:48:55 | 012,474,368 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/12/07 15:48:50 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/12/07 15:48:50 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/12/07 15:48:50 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
    [2010/12/07 15:48:49 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/12/07 15:48:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
    [2010/12/07 15:48:47 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
    [2010/12/07 15:48:45 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/12/07 15:48:45 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/12/07 15:48:44 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/12/07 15:48:44 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/12/07 15:48:43 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/12/07 15:48:43 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/12/07 15:48:42 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2010/12/07 15:48:42 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2010/12/07 15:48:42 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/12/07 15:48:41 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/12/07 15:48:41 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2010/12/07 15:48:38 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/12/07 15:48:38 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/12/07 15:48:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/12/07 15:48:35 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2010/12/07 15:48:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/12/07 15:48:04 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
    [2010/12/07 15:47:28 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
    [2010/12/07 15:45:52 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
    [2010/12/07 15:45:45 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
    [2010/12/07 15:45:41 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
    [2010/12/07 15:45:38 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
    [2010/12/07 15:45:34 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
    [2010/12/07 15:45:14 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
    [2010/12/07 15:44:35 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
    [2010/12/07 15:44:30 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
    [2010/12/07 15:44:27 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
    [2010/12/07 15:33:49 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
    [2010/12/07 15:30:21 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
    [2010/09/02 13:18:58 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/09/02 13:18:49 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2010/09/02 13:18:49 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2010/09/02 13:18:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
    [2010/09/02 13:18:47 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2040.INI
    [2010/09/02 13:16:51 | 000,000,249 | ---- | C] () -- C:\Windows\Brownie.ini
    [2010/07/02 02:04:59 | 000,000,036 | ---- | C] () -- C:\Users\BIG T\AppData\Local\housecall.guid.cache
    [2010/04/10 00:16:43 | 000,003,584 | ---- | C] () -- C:\Users\BIG T\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/16 15:32:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jazz Kit
    [2009/11/16 15:32:37 | 000,000,268 | RH-- | C] () -- C:\Users\BIG T\AppData\Roaming\Internet Plug-Ins
    [2009/11/16 15:32:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2009/08/28 17:34:23 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\FnF4.txt
    [2009/08/28 16:38:27 | 000,006,002 | ---- | C] () -- C:\ProgramData\fandraft_template.xml
    [2008/10/31 16:10:17 | 000,143,096 | ---- | C] () -- C:\Windows\SysWow64\guard32.dll
    [2008/10/26 10:40:21 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\QSwitch.txt
    [2008/10/26 10:40:21 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\DSwitch.txt
    [2008/10/26 10:40:21 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\AtStart.txt
    [2008/06/25 03:40:39 | 000,000,731 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/01/14 15:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

    ========== LOP Check ==========

    [2010/07/03 11:03:29 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\Amazon
    [2010/12/19 23:33:13 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\iScreensaver
    [2009/11/16 15:34:35 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\Nikon
    [2010/07/01 03:13:22 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\ofugwrlsl
    [2008/10/26 13:33:58 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\Smith Micro
    [2010/12/28 20:29:00 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\QuickConnectSupportTask.job
    [2010/12/07 17:22:56 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2008/06/25 01:09:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
    [2008/06/25 01:09:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2007/01/13 00:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < End of report >
     
