
Inactive started w/google redirect&now taken over entire pc

Discussion in 'Malware and Virus Removal Archive' started by jessigirl, 2011/03/27.

  1. 2011/03/27
    broni Moderator Malware Analyst

    Tomorrow after work :)
     
  2. 2011/03/28
    jessigirl Inactive Thread Starter

    OTL logfile created on: 3/28/2011 12:08:39 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Buddy\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.88 Gb Total Space | 133.61 Gb Free Space | 59.95% Space Free | Partition Type: NTFS

    Computer Name: BUDDY-PC | User Name: Buddy | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/27 22:54:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
    PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/27 22:54:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
    MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Suite Service)
    SRV - File not found [Unknown | Stopped] -- -- (NSL)
    SRV - [2011/03/25 16:54:28 | 006,449,984 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Users\Buddy\Downloads\HitmanPro35.exe -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
    SRV - [2010/12/24 07:45:07 | 000,797,848 | ---- | M] () [Auto | Stopped] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
    SRV - [2010/12/24 07:45:07 | 000,093,328 | ---- | M] () [Auto | Stopped] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
    SRV - [2008/06/11 12:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/07/27 12:49:42 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/24 07:45:10 | 000,010,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avfsfilter.sys -- (AVFSFilter)
    DRV - [2008/07/28 02:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/06/11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/25 19:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/07/27 12:50:22 | 000,329,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/06/06 02:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2007/05/23 19:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1210&m=t-6330u
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.swagbucks.com/ "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: printwithoutads@oleg.vaskevich:1.1
    FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:1.2.0
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {203FB6B2-2E1E-4474-863B-4C483ECCE78E}:1.2.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
    FF - prefs.js..extensions.enabledItems: adban@ad-ban.appspot.com:1.5.1
    FF - prefs.js..extensions.enabledItems: historyblock@kain:1.3.5
    FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
    FF - prefs.js..network.proxy.ftp: " "
    FF - prefs.js..network.proxy.ftp_port: " "
    FF - prefs.js..network.proxy.gopher: " "
    FF - prefs.js..network.proxy.gopher_port: " "
    FF - prefs.js..network.proxy.http: " "
    FF - prefs.js..network.proxy.http_port: " "
    FF - prefs.js..network.proxy.socks: " "
    FF - prefs.js..network.proxy.socks_port: " "
    FF - prefs.js..network.proxy.ssl: " "
    FF - prefs.js..network.proxy.ssl_port: " "
    FF - prefs.js..network.proxy.type: " "


    FF - HKLM\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 20:11:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 20:11:04 | 000,000,000 | ---D | M]

    [2010/12/06 01:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Extensions
    [2011/03/27 14:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions
    [2011/02/12 01:14:54 | 000,000,000 | ---D | M] (LightShot (screenshot tool)) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
    [2011/03/15 17:48:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/02/12 01:14:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/03/23 20:35:04 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/02/12 01:14:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/19 05:55:04 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    [2011/03/17 04:50:32 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    [2011/03/17 04:50:30 | 000,000,000 | ---D | M] (AdBan) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\adban@ad-ban.appspot.com
    [2011/03/23 20:35:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\engine@conduit.com
    [2011/03/17 04:50:29 | 000,000,000 | ---D | M] (HistoryBlock) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\historyblock@kain
    [2010/12/06 01:43:28 | 000,000,000 | ---D | M] (Print Without Ads) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\printwithoutads@oleg.vaskevich
    [2011/03/17 04:50:29 | 000,000,000 | ---D | M] (Stealthy) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\stealthyextension@gmail.com
    [2011/03/17 04:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\extensions\stealthyextension@gmail.com\chrome
    [2011/03/15 05:06:12 | 000,001,919 | ---- | M] () -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\searchplugins\bing-zugo.xml
    [2011/03/08 17:49:53 | 000,002,463 | ---- | M] () -- C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\zse52tuc.default\searchplugins\safesearch.xml
    [2011/03/26 18:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/06 02:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/09 20:07:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/08 02:34:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\COFFNST
    [2010/12/08 04:03:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/03/27 21:20:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - File not found
    O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [VFPROguard] File not found
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/27 23:59:14 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/03/27 22:54:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
    [2011/03/27 22:37:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/27 22:27:26 | 000,000,000 | --SD | C] -- C:\broni5141b
    [2011/03/27 22:26:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/27 22:16:17 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\temp
    [2011/03/27 22:06:41 | 000,000,000 | --SD | C] -- C:\broni
    [2011/03/27 21:09:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/27 21:09:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/27 21:09:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/27 21:09:09 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/03/27 21:09:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/27 20:49:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/27 19:12:37 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\SUPERAntiSpyware.com
    [2011/03/27 19:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/03/27 19:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/03/27 19:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/03/27 15:45:48 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/03/27 15:45:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/03/27 15:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/03/27 15:45:47 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/03/27 15:45:47 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/03/27 15:45:47 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/03/27 15:45:47 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/03/27 15:45:35 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/03/27 15:45:35 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/03/27 15:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/03/27 15:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/03/27 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\Malwarebytes
    [2011/03/27 14:44:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/27 14:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/27 14:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/27 14:44:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/27 14:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/27 14:41:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Buddy\Desktop\TFC.exe
    [2011/03/27 02:47:55 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\Uniblue
    [2011/03/27 02:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    [2011/03/27 02:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
    [2011/03/27 02:47:32 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\OpenCandy
    [2011/03/27 02:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
    [2011/03/27 02:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2011/03/27 02:47:30 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\OpenCandy
    [2011/03/25 17:04:34 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2011/03/25 16:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/03/25 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/03/25 15:46:09 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Desktop\tdsskiller
    [2011/03/23 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\Trusted Software
    [2011/03/23 23:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusted Software
    [2011/03/23 23:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trusted Software
    [2011/03/23 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2011/03/23 20:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2011/03/23 20:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
    [2011/03/23 20:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2011/03/23 20:32:16 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\uTorrent
    [2011/03/23 02:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master Uneraser
    [2011/03/23 02:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterCrypto Shared
    [2011/03/23 02:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Master Uneraser
    [2011/03/23 00:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2011/03/20 15:54:02 | 011,888,488 | ---- | C] (GARMIN Corp.) -- C:\Users\Buddy\MapSource.exe
    [2011/03/19 18:39:22 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\NPE
    [2011/03/19 14:42:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/03/16 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2011/03/16 17:29:12 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\FreeFileViewer
    [2011/03/16 16:42:30 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\Apps
    [2011/03/16 16:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
    [2011/03/16 16:32:40 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
    [2011/03/16 16:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
    [2011/03/16 16:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
    [2011/03/16 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Toolkit Suite
    [2011/03/16 16:03:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2854F90-E25A-4436-A624-DAA1A3535BAF}
    [2011/03/16 16:03:14 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Local\PackageAware
    [2011/03/16 00:01:23 | 001,320,224 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupDEU.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupSLV.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupSKY.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupPLK.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupITA.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupHUN.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupHRV.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupFRA.dll
    [2011/03/16 00:01:23 | 001,316,128 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupELL.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupTRK.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupSVE.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupRUS.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupPTG.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupPTB.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupNOR.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupNLD.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupLOC.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupKOR.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupJPN.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupFIN.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupESP.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupENU.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupDAN.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupCSY.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupCHT.dll
    [2011/03/16 00:01:23 | 001,312,032 | ---- | C] (Garmin, Ltd.) -- C:\Users\Buddy\SetupCHS.dll
    [2011/03/16 00:01:23 | 000,000,000 | ---D | C] -- C:\Users\Buddy\USB_Drivers
    [2011/03/16 00:01:23 | 000,000,000 | ---D | C] -- C:\Users\Buddy\EULA
    [2011/03/15 22:34:06 | 060,468,584 | ---- | C] (Garmin International) -- C:\Users\Buddy\MapSource_6157.exe
    [2011/03/15 22:24:08 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garmin
    [2011/03/15 21:27:22 | 008,797,032 | ---- | C] (GARMIN Corp.) -- C:\Users\Buddy\MapInstall (1).exe
    [2011/03/15 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\My Downloads
    [2011/03/15 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\FinalTorrent
    [2011/03/15 17:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
    [2011/03/15 17:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalTorrent
    [2011/03/15 17:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\FinalTorrent
    [2011/03/15 17:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2011/03/15 04:26:01 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\My Garmin
    [2011/03/15 04:26:00 | 000,000,000 | ---D | C] -- C:\Users\Buddy\AppData\Roaming\GARMIN
    [2011/03/14 22:43:19 | 000,000,000 | ---D | C] -- C:\Users\Buddy\All pix from Kodak Easyshare
    [2011/03/12 01:49:10 | 000,017,536 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmn0200.sys
    [2011/03/12 01:49:10 | 000,016,512 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmn0400.sys
    [2011/03/12 01:49:10 | 000,011,776 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmn1200.sys
    [2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Buddy\Documents\TDSSKiller.exe
    [2011/03/08 02:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Safe Web Lite
    [2011/03/08 02:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/03/08 02:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2011/03/07 23:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2011/03/07 22:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    [2011/03/07 22:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
    [2011/03/07 22:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
    [2011/03/07 22:51:06 | 000,000,000 | ---D | C] -- C:\Garmin
    [2011/03/07 22:51:05 | 000,000,000 | ---D | C] -- C:\MapSource
    [2011/03/07 02:27:03 | 000,000,000 | ---D | C] -- C:\Users\Buddy\Documents\Usenet.nl

    ========== Files - Modified Within 30 Days ==========

    [2011/03/28 00:03:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/28 00:03:24 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
    [2011/03/28 00:02:15 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/03/27 22:54:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\OTL.exe
    [2011/03/27 22:42:21 | 001,263,721 | ---- | M] () -- C:\Users\Buddy\Desktop\tdsskiller.zip
    [2011/03/27 22:24:43 | 004,303,772 | R--- | M] () -- C:\Users\Buddy\Desktop\broni.exe
    [2011/03/27 21:20:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/27 19:12:33 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/27 19:04:56 | 000,000,892 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/03/27 19:04:56 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/27 15:50:45 | 000,001,356 | ---- | M] () -- C:\Users\Buddy\AppData\Local\d3d9caps.dat
    [2011/03/27 15:45:48 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/03/27 15:45:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/03/27 14:49:53 | 000,301,568 | ---- | M] () -- C:\Users\Buddy\Desktop\ib1n4w5o.exe
    [2011/03/27 14:41:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Buddy\Desktop\TFC.exe
    [2011/03/27 02:47:51 | 000,000,875 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2011/03/27 02:47:51 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
    [2011/03/27 02:47:30 | 000,000,694 | ---- | M] () -- C:\Users\Buddy\Desktop\SIW.lnk
    [2011/03/26 18:42:52 | 000,028,886 | ---- | M] () -- C:\Users\Buddy\Desktop\miss-piggy.jpg
    [2011/03/26 16:54:36 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
    [2011/03/26 16:20:36 | 000,133,632 | ---- | M] () -- C:\Users\Buddy\Desktop\RKUnhookerLE.EXE
    [2011/03/26 16:19:50 | 000,625,664 | ---- | M] () -- C:\Users\Buddy\Desktop\dds.scr
    [2011/03/26 16:19:10 | 000,050,477 | ---- | M] () -- C:\Users\Buddy\Desktop\Defogger.exe
    [2011/03/25 17:05:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/25 17:05:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/25 17:04:34 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2011/03/25 17:04:34 | 000,003,234 | ---- | M] () -- C:\Windows\System32\.crusader
    [2011/03/25 16:55:04 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
    [2011/03/25 16:38:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/25 16:38:46 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
    [2011/03/25 16:38:46 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
    [2011/03/25 16:12:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2011/03/24 15:08:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/24 01:01:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/24 01:01:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/23 23:44:27 | 000,022,016 | ---- | M] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/23 23:24:07 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\File Type Mechanic.lnk
    [2011/03/23 20:35:03 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/03/22 22:43:46 | 274,328,611 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/22 22:27:58 | 000,002,177 | -H-- | M] () -- C:\Users\Buddy\Documents\.picasa.ini
    [2011/03/22 22:26:55 | 000,150,475 | ---- | M] () -- C:\Users\Buddy\Documents\cp affidavit.jpg
    [2011/03/22 20:56:20 | 000,129,378 | ---- | M] () -- C:\Users\Buddy\Documents\child **** affidavit.jpg
    [2011/03/22 18:28:57 | 000,006,637 | ---- | M] () -- C:\Users\Buddy\Documents\Pi Red and Blue.jpg
    [2011/03/22 18:27:51 | 000,004,886 | ---- | M] () -- C:\Users\Buddy\Documents\Pi Red.jpg
    [2011/03/21 02:15:55 | 000,020,278 | ---- | M] () -- C:\Users\Buddy\Documents\keychain5.jpg
    [2011/03/21 02:09:56 | 000,011,781 | ---- | M] () -- C:\Users\Buddy\Documents\keychain4.jpg
    [2011/03/21 02:08:34 | 000,015,464 | ---- | M] () -- C:\Users\Buddy\Documents\keychain3.jpg
    [2011/03/21 02:07:08 | 000,016,383 | ---- | M] () -- C:\Users\Buddy\Documents\keychain2.jpg
    [2011/03/21 02:05:23 | 000,018,209 | ---- | M] () -- C:\Users\Buddy\Documents\keychain.jpg
    [2011/03/17 18:13:18 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/03/17 01:50:26 | 000,044,443 | ---- | M] () -- C:\Users\Buddy\Documents\2011 bracket picks sample.jpg
    [2011/03/16 16:32:43 | 000,000,862 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
    [2011/03/16 16:32:43 | 000,000,838 | ---- | M] () -- C:\Users\Buddy\FreeFileViewer.lnk
    [2011/03/16 16:26:37 | 001,261,034 | ---- | M] () -- C:\Users\Buddy\Documents\OUR COMPUTER ALL DETAILS NEEDED.nfo
    [2011/03/15 21:43:17 | 060,468,584 | ---- | M] (Garmin International) -- C:\Users\Buddy\MapSource_6157.exe
    [2011/03/15 17:48:33 | 000,000,838 | ---- | M] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Buddy\Documents\TDSSKiller.exe
    [2011/03/10 02:43:53 | 000,001,000 | -H-- | M] () -- C:\Users\Buddy\.picasa.ini

    ========== Files Created - No Company Name ==========

    [2011/03/27 22:24:43 | 004,303,772 | R--- | C] () -- C:\Users\Buddy\Desktop\broni.exe
    [2011/03/27 21:09:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/27 21:09:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/27 21:09:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/27 21:09:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/27 21:09:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/27 19:12:33 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/27 19:04:56 | 000,000,892 | ---- | C] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/03/27 15:45:48 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/03/27 14:49:53 | 000,301,568 | ---- | C] () -- C:\Users\Buddy\Desktop\ib1n4w5o.exe
    [2011/03/27 14:44:14 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/27 02:47:51 | 000,000,875 | ---- | C] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
    [2011/03/27 02:47:51 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
    [2011/03/27 02:47:30 | 000,000,694 | ---- | C] () -- C:\Users\Buddy\Desktop\SIW.lnk
    [2011/03/26 18:43:59 | 000,028,886 | ---- | C] () -- C:\Users\Buddy\Desktop\miss-piggy.jpg
    [2011/03/26 16:35:19 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
    [2011/03/26 16:20:34 | 000,133,632 | ---- | C] () -- C:\Users\Buddy\Desktop\RKUnhookerLE.EXE
    [2011/03/26 16:19:47 | 000,625,664 | ---- | C] () -- C:\Users\Buddy\Desktop\dds.scr
    [2011/03/26 16:19:10 | 000,050,477 | ---- | C] () -- C:\Users\Buddy\Desktop\Defogger.exe
    [2011/03/25 17:06:38 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
    [2011/03/25 17:04:34 | 000,003,234 | ---- | C] () -- C:\Windows\System32\.crusader
    [2011/03/25 16:55:06 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011/03/25 16:55:04 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
    [2011/03/25 15:40:06 | 001,263,721 | ---- | C] () -- C:\Users\Buddy\Desktop\tdsskiller.zip
    [2011/03/23 23:24:07 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\File Type Mechanic.lnk
    [2011/03/23 20:33:51 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/03/22 22:26:55 | 000,150,475 | ---- | C] () -- C:\Users\Buddy\Documents\cp affidavit.jpg
    [2011/03/22 20:56:20 | 000,129,378 | ---- | C] () -- C:\Users\Buddy\Documents\child **** affidavit.jpg
    [2011/03/22 18:28:57 | 000,006,637 | ---- | C] () -- C:\Users\Buddy\Documents\Pi Red and Blue.jpg
    [2011/03/22 18:27:51 | 000,004,886 | ---- | C] () -- C:\Users\Buddy\Documents\Pi Red.jpg
    [2011/03/21 02:11:48 | 000,020,278 | ---- | C] () -- C:\Users\Buddy\Documents\keychain5.jpg
    [2011/03/21 02:09:56 | 000,011,781 | ---- | C] () -- C:\Users\Buddy\Documents\keychain4.jpg
    [2011/03/21 02:08:34 | 000,015,464 | ---- | C] () -- C:\Users\Buddy\Documents\keychain3.jpg
    [2011/03/21 02:07:08 | 000,016,383 | ---- | C] () -- C:\Users\Buddy\Documents\keychain2.jpg
    [2011/03/21 02:05:23 | 000,018,209 | ---- | C] () -- C:\Users\Buddy\Documents\keychain.jpg
    [2011/03/19 14:55:03 | 000,001,750 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/17 01:50:26 | 000,044,443 | ---- | C] () -- C:\Users\Buddy\Documents\2011 bracket picks sample.jpg
    [2011/03/16 16:32:52 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
    [2011/03/16 16:32:43 | 000,000,862 | ---- | C] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
    [2011/03/16 16:32:43 | 000,000,838 | ---- | C] () -- C:\Users\Buddy\FreeFileViewer.lnk
    [2011/03/16 16:26:37 | 001,261,034 | ---- | C] () -- C:\Users\Buddy\Documents\OUR COMPUTER ALL DETAILS NEEDED.nfo
    [2011/03/16 00:01:22 | 000,404,480 | ---- | C] () -- C:\Users\Buddy\MSMAIN.msi
    [2011/03/16 00:01:19 | 059,892,560 | ---- | C] () -- C:\Users\Buddy\Disk1.cab
    [2011/03/15 17:48:36 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\FinalTorrent Update Checker.job
    [2011/03/15 17:48:33 | 000,000,838 | ---- | C] () -- C:\Users\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalTorrent.lnk
    [2011/03/15 05:15:44 | 921,583,616 | ---- | C] () -- C:\Users\Buddy\gmapprom1.img
    [2011/02/13 19:06:08 | 000,011,752 | ---- | C] () -- C:\ProgramData\791-1.JPG
    [2010/12/24 07:45:10 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
    [2010/12/21 22:51:36 | 000,022,016 | ---- | C] () -- C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/18 04:59:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2010/12/17 01:46:59 | 000,001,356 | ---- | C] () -- C:\Users\Buddy\AppData\Local\d3d9caps.dat
    [2010/12/13 03:14:46 | 000,000,082 | ---- | C] () -- C:\Users\Buddy\AppData\Roaming\wklnhst.dat
    [2010/12/07 05:12:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/12/07 05:12:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/12/06 04:17:55 | 000,001,940 | ---- | C] () -- C:\Users\Buddy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/12/06 02:20:57 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2010/12/06 01:30:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/12/03 04:11:01 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008/08/08 05:27:45 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/08/08 05:27:40 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/08/08 05:27:40 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/08/08 05:27:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/08/08 05:27:40 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2008/08/08 05:27:40 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,297,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/03/16 16:02:31 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\FinalTorrent
    [2011/03/16 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\FreeFileViewer
    [2011/03/15 04:27:31 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\GARMIN
    [2011/03/20 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Missing-Hailey Dunn
    [2011/03/27 02:47:30 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\OpenCandy
    [2010/12/07 03:06:35 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Permanence
    [2011/01/31 22:44:35 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Pixel Studio Pro
    [2010/12/16 15:30:56 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Softinterface, Inc
    [2010/12/13 03:14:48 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Template
    [2011/03/27 02:47:55 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\Uniblue
    [2011/03/25 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Buddy\AppData\Roaming\uTorrent
    [2011/03/25 16:38:46 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job
    [2011/03/25 16:38:46 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
    [2011/03/25 17:05:28 | 000,028,264 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     


  4. 2011/03/28
    broni Moderator Malware Analyst
    .....
     
  5. 2011/04/03
    broni Moderator Malware Analyst
    Reopened.....

     
  6. 2011/04/03
    broni Moderator Malware Analyst
    Do you have, or can you borrow, a Vista DVD?
     
  7. 2011/04/03
    jessigirl Inactive Thread Starter
    Hi broni, what exactly is the Vista DVD? Is this something that comes with the laptop, perhaps, or is this something that would have been purchased separately?

    I believe I still have the disks that came with it (in the attic). Could that possibly be it?

    Also, would it be possible to just do a reset to factory settings (where it wipes out EVERYTHING) and take it back to the very basics, as when it was first purchased? I had to do that one other time. I don't know what the issue was; Gateway just told me that's what needed to be done. Would that fix all the issues?
     
    Last edited: 2011/04/03
  8. 2011/04/03
    broni Moderator Malware Analyst
    You'd have to check what kind of disks came with your machine.
    When you find them, let me know the exact titles of those disks.
     
  9. 2011/04/03
    jessigirl Inactive Thread Starter
    Not good news. When I was given this laptop 2 years ago as a gift, she had it all pre-installed and set up by "Geek Squad", the entire OS as well as Norton installed for a full year. I went and got the box down, and the CD/DVD that I am remembering was for my router/modem. So to my knowledge I never have had the Vista DVD, since it was already preloaded and pre-set-up.

    So I just called my friend's husband, who is a network engineer whose job includes traveling worldwide working on computers. If anyone I know would have the Vista DVD that I could borrow, it would be him. Unfortunately he's in a meeting at the moment, so I won't know till later tonight.

    But is there somewhere that I might download and burn a copy of the Vista DVD? I have my son's Mac notebook, which of course is fully functioning (no viruses), if there is somewhere online that I can burn a copy of it?
     
  10. 2011/04/03
    broni Moderator Malware Analyst
    Downloading a Vista copy would be illegal.
    You can't go this way.

    Let's see what your husband's friend will come up with.
     
  11. 2011/04/04
    jessigirl Inactive Thread Starter
    Hi broni! I am still waiting to get the Vista DVD. My friend is supposed to get me one from his work today, but won't be home till later this evening.

    I was able to finally find a restore point that my computer would at least go back to. The furthest date it would go back is 3/7/11 (which at least got the virus fighter off my PC). It fully restored the files back to that date, so I wanted to know if maybe it made a difference and possibly helped clear anything up (I still can only load in safe mode :( ).

    So what would you suggest I run to give a log that you could read, to see if it possibly helped in any way?
     
  12. 2011/04/04
    jessigirl Inactive Thread Starter
    Here's the mbam-log that I just ran:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6270

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 7.0.6001.18000

    4/4/2011 5:40:11 PM
    mbam-log-2011-04-04 (17-40-11).txt

    Scan type: Quick scan
    Objects scanned: 160104
    Time elapsed: 1 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  13. 2011/04/04
    jessigirl Inactive Thread Starter
    Here's the MBR check, and it said I had three options to fix it: to dump into a file or to repair with a boot code. I just hit exit, as I didn't know what to do.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Gateway
    BIOS Manufacturer: Gateway
    System Manufacturer: Gateway
    System Product Name: T-6330U
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 112):
    0x81C4E000 \SystemRoot\system32\ntkrnlpa.exe
    0x81C1B000 \SystemRoot\system32\hal.dll
    0x8040F000 \SystemRoot\system32\kdcom.dll
    0x80417000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80477000 \SystemRoot\system32\PSHED.dll
    0x80488000 \SystemRoot\system32\BOOTVID.dll
    0x80490000 \SystemRoot\system32\CLFS.SYS
    0x804D1000 \SystemRoot\system32\CI.dll
    0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80695000 \SystemRoot\system32\drivers\acpi.sys
    0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806EC000 \SystemRoot\system32\drivers\pci.sys
    0x80713000 \SystemRoot\System32\drivers\partmgr.sys
    0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
    0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80788000 \SystemRoot\system32\drivers\intelide.sys
    0x8078F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8079D000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807AD000 \SystemRoot\system32\drivers\atapi.sys
    0x807B5000 \SystemRoot\system32\drivers\ataport.SYS
    0x807D3000 \SystemRoot\system32\drivers\msahci.sys
    0x805B1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x807DD000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82207000 \SystemRoot\system32\drivers\NAV\1205000.07D\SYMDS.SYS
    0x8225E000 \SystemRoot\system32\drivers\NAV\1205000.07D\SYMEFA.SYS
    0x82302000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8230B000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x89E03000 \SystemRoot\system32\drivers\ndis.sys
    0x89F0E000 \SystemRoot\system32\drivers\msrpc.sys
    0x89F39000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A005000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A0EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8A205000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A314000 \SystemRoot\system32\drivers\volsnap.sys
    0x8A355000 \SystemRoot\System32\Drivers\mup.sys
    0x8A364000 \SystemRoot\System32\drivers\ecache.sys
    0x8A38B000 \SystemRoot\system32\drivers\disk.sys
    0x8A39C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8A3BD000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8A3E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8A3F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A109000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8A114000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8A152000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8A161000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8A173000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8D603000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8D6EA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8D6FD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8D708000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8D733000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8D735000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8D740000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8D758000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8D75E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8D78C000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8D7CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8D7D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8D7EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8A191000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8A1B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8A1C3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8A1D7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8A1EC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8D7FA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x89F73000 \SystemRoot\system32\DRIVERS\ks.sys
    0x89F9D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x89FA7000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x89FB4000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x89FE8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8237C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x82393000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8A34D000 \SystemRoot\System32\Drivers\Null.SYS
    0x89FF9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8239C000 \SystemRoot\System32\drivers\vga.sys
    0x823A8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x823C9000 \SystemRoot\System32\drivers\watchdog.sys
    0x823D6000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x823DE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x823E9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x823F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x805E3000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8DE0C000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8DE20000 \SystemRoot\system32\drivers\afd.sys
    0x8DE68000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8DE9A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8DEB0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8DEBE000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DEFA000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DF04000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8DF1B000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x94080000 \SystemRoot\System32\win32k.sys
    0x8DF2E000 \SystemRoot\System32\drivers\Dxapi.sys
    0x94290000 \SystemRoot\System32\drivers\dxg.sys
    0x942C0000 \SystemRoot\System32\TSDDD.dll
    0x8DF38000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8DF45000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8DF50000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x94340000 \SystemRoot\System32\framebuf.dll
    0x8DF5A000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8DF84000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8DF8E000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8DFA7000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8DFBC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x96203000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9623C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x96254000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x777E0000 \Windows\System32\ntdll.dll

    Processes (total 24):
    0 System Idle Process
    4 System
    388 C:\Windows\System32\smss.exe
    472 csrss.exe
    508 csrss.exe
    516 C:\Windows\System32\wininit.exe
    560 C:\Windows\System32\winlogon.exe
    592 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    756 C:\Windows\System32\svchost.exe
    812 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\svchost.exe
    1636 C:\Windows\explorer.exe
    296 C:\Program Files\Windows Media Player\wmpnscfg.exe
    1220 C:\Program Files\Internet Explorer\iexplore.exe
    1492 C:\Windows\System32\notepad.exe
    2004 C:\Users\Buddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYIHQMNY\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)

    PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: F85B7CD526802923C3EA061081FBF03E1B7455C7


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
     
  14. 2011/04/04
    jessigirl Inactive Thread Starter
    This wasn't like this last time. So is this a good thing, that it says it can be repaired?
     
  15. 2011/04/04
    broni Moderator Malware Analyst
    It wasn't a good idea.
    My instructions clearly say not to do anything on your own.
    By using restore points, there is always a possibility of reinfecting your computer.

    Let's try a couple of things.
    It looks like your MBR may be corrupted or infected.
    Then, you don't have Service Pack 2 installed on your computer.

    Let's start with MBR.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on the NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on the BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
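As an added illustration, not part of this thread and not MBRCheck's or NTBR's own code, here is a small Python parser for a 512-byte MBR image: it checks the 0x55AA boot signature, fingerprints the boot code by SHA-1 the way MBRCheck's "Unknown MBR code" line does, and decodes the partition table, so a changed boot sector can be told apart from a changed partition layout before any "install standard MBR code" step is taken. The "standard" boot-code bytes, the trusted hash set and the sample partition layout are constructed placeholders, not real Windows MBR code or hashes.

```python
"""Inspect a 512-byte MBR image: boot signature, boot-code SHA-1, partition table."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # classic MBR: boot code occupies bytes 0..439
DISK_SIG_OFF = 440       # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA boot signature

# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(image: bytes) -> dict:
    """Decode an MBR image into boot-code fingerprint, disk signature and partitions."""
    if len(image) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(image)}")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + PART_ENTRY.size * slot
        status, _chs_s, ptype, _chs_e, lba_start, sectors = PART_ENTRY.unpack_from(image, off)
        if ptype == 0x00:           # empty slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        # MBRCheck prints this hash; only the boot-code bytes are hashed, not the table.
        "boot_code_sha1": hashlib.sha1(image[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", image, DISK_SIG_OFF)[0],
        "signature_ok": image[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "partitions": partitions,
    }


def assess_mbr(image: bytes, known_good_sha1: set) -> str:
    """Classify the boot code as MBRCheck does: known, unknown, or structurally invalid."""
    info = parse_mbr(image)
    if not info["signature_ok"]:
        return "invalid: missing 0x55AA boot signature"
    if not info["partitions"]:
        return "invalid: empty partition table"
    if info["boot_code_sha1"] in known_good_sha1:
        return "known MBR code"
    return "unknown MBR code (non-standard or infected; compare with a trusted dump)"


def build_sample_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed MBR image; partitions are (bootable, type, lba_start, sectors)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    if len(partitions) > 4:
        raise ValueError("at most four primary partitions")
    img = bytearray(MBR_SIZE)
    img[:len(boot_code)] = boot_code
    struct.pack_into("<I", img, DISK_SIG_OFF, disk_sig)
    for slot, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        PART_ENTRY.pack_into(img, PART_TABLE_OFF + PART_ENTRY.size * slot,
                             0x80 if bootable else 0x00, b"\x00\x00\x00",
                             ptype, b"\x00\x00\x00", lba_start, sectors)
    img[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(img)


# Constructed samples: placeholder "standard" boot code (not real Windows code) and
# one bootable NTFS partition (type 0x07).  The trusted set would normally hold the
# hash taken from a known-clean machine of the same make.
STANDARD_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 20
TRUSTED_SHA1 = {hashlib.sha1(STANDARD_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper()}
LAYOUT = [(True, 0x07, 2048, 486_000_000)]
CLEAN_MBR = build_sample_mbr(STANDARD_BOOT_CODE, LAYOUT)
# Same partition table, different boot code: this is what a patched boot sector looks
# like to MBRCheck (partitions intact, hash unknown).
PATCHED_MBR = build_sample_mbr(b"\xFA\x31\xC0" + b"\x90" * 30, LAYOUT)


if __name__ == "__main__":
    for label, img in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        info = parse_mbr(img)
        print(f"{label}: SHA1 {info['boot_code_sha1']} -> {assess_mbr(img, TRUSTED_SHA1)}")
        for p in info["partitions"]:
            flag = "bootable" if p["bootable"] else "        "
            print(f"  slot {p['slot']} type 0x{p['type']:02X} {flag} "
                  f"start {p['lba_start']} sectors {p['sectors']}")
```

Fed the 512 bytes written by MBRCheck's option [1] (dump the MBR to file), the same script shows whether only the boot code differs from a trusted reference, which is exactly the case the "Install Standard MBR code" step above repairs.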
     
  16. 2011/04/05
    jessigirl Inactive Thread Starter
    Is there any way that I may burn this CD from a Mac that would be able to be read by my infected Vista PC? The only other computer I have available to me is a MacBook.

    If not, it seems as though I am not going to be able to do this. My CD/DVD burner on my Vista has been on the blitz since long before this virus happened (i.e. my Optiarc CD/DVD on my Gateway can still play CDs/DVDs, but it no longer burns them; every once in a great while it burns a CD/DVD, but for the vast majority of the time it does NOT, and it certainly looks as though this is one of the vast majority of times :( ). I have attempted to burn the CD 12 different times since last night when you posted this instruction.
     
  17. 2011/04/05
    broni Moderator Malware Analyst
    Mac won't work.
    Friends, family?
     
  18. 2011/04/05
    jessigirl Inactive Thread Starter
    Lemme check around. Would the Vista DVD still be worth getting? I am about to make a call to see if it's available, so I can run and pick it up. But if it's no longer needed, I'm not gonna bother.

    Thanks
     
  19. 2011/04/05
    broni Moderator Malware Analyst
    Yes, a Vista DVD will always be helpful.
    If you can get it, you won't have to create that CD.
    We can use the Vista DVD to reset the MBR.
     
  20. 2011/04/05
    jessigirl Inactive Thread Starter
    Good to know. I'll go ahead and make that phone call, and will post to give you an ETA of exactly when I will have it in my possession.

    Thanks for being patient with me (my mistakes and all :eek:)

    Be back soon :)
     
  21. 2011/04/05
    jessigirl Inactive Thread Starter
    Hi broni! I am waiting to hear back from my friend so that I can go pick up the Vista DVD, but I wanted to post this log that just popped open in my Notepad. I of course am in "Safe Mode with Networking" (as it's still the only way I can access the internet on this PC), and I was on a local news media site that I visit daily (bigcountryhomepage.com) when the IE session crashed, immediately popping open my Notepad with the following log (it may mean absolutely nothing, but I am posting it just in case it is of some type of importance).
    COPY/PASTED EXACT LOG:
    #
    # A fatal error has been detected by the Java Runtime Environment:
    #
    # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x08583ed5, pid=660, tid=1344
    #
    # JRE version: 6.0_23-b05
    # Java VM: Java HotSpot(TM) Client VM (19.0-b09 mixed mode windows-x86 )
    # Problematic frame:
    # C [jp2iexp.dll+0x3ed5]
    #
    # If you would like to submit a bug report, please visit:
    # http://java.sun.com/webapps/bugreport/crash.jsp
    # The crash happened outside the Java Virtual Machine in native code.
    # See problematic frame for where to report the bug.
    #

    --------------- T H R E A D ---------------

    Current thread (0x09068c00): JavaThread "main" [_thread_in_native, id=1344, stack(0x08f10000,0x09010000)]

    siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

    Registers:
    EAX=0x00000000, EBX=0x11abaa28, ECX=0x00000000, EDX=0x0900f86c
    ESP=0x0900f858, EBP=0x0900f858, ESI=0x00000000, EDI=0x09068c00
    EIP=0x08583ed5, EFLAGS=0x00010246

    Register to memory mapping:

    EAX=0x00000000
    0x00000000 is pointing to unknown location

    EBX=0x11abaa28
    {method}
    - klass: {other class}

    ECX=0x00000000
    0x00000000 is pointing to unknown location

    EDX=0x0900f86c
    0x0900f86c is pointing into the stack for thread: 0x09068c00
    "main" prio=6 tid=0x09068c00 nid=0x540 runnable [0x0900f000]
    java.lang.Thread.State: RUNNABLE

    ESP=0x0900f858
    0x0900f858 is pointing into the stack for thread: 0x09068c00
    "main" prio=6 tid=0x09068c00 nid=0x540 runnable [0x0900f000]
    java.lang.Thread.State: RUNNABLE

    EBP=0x0900f858
    0x0900f858 is pointing into the stack for thread: 0x09068c00
    "main" prio=6 tid=0x09068c00 nid=0x540 runnable [0x0900f000]
    java.lang.Thread.State: RUNNABLE

    ESI=0x00000000
    0x00000000 is pointing to unknown location

    EDI=0x09068c00
    "main" prio=6 tid=0x09068c00 nid=0x540 runnable [0x0900f000]
    java.lang.Thread.State: RUNNABLE


    Top of Stack: (sp=0x0900f858)
    0x0900f858: 0900f86c 0d949fc7 09068d18 0900f8a0
    0x0900f868: 09060fc0 00000000 09069268 fffffffe
    0x0900f878: 0900f878 11abaa28 0900f8ac 11ac35a0
    0x0900f888: 00000000 11abaa28 00000000 0900f8a8
    0x0900f898: 00000000 00000000 11ac2fb0 0d948306
    0x0900f8a8: 09060fc0 00000000 0f9d8e60 0900f8b4
    0x0900f8b8: 11aba997 0900f8dc 11ac35a0 00000000
    0x0900f8c8: 11aba9a8 0900f8a8 0900f8dc 0900f928

    Instructions: (pc=0x08583ed5)
    0x08583ec5: 33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
    0x08583ed5: 8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14


    Stack: [0x08f10000,0x09010000], sp=0x0900f858, free space=1022k
    Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
    C [jp2iexp.dll+0x3ed5]

    [error occurred during error reporting (printing native stack), id 0xc0000005]

    Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
    j sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0

    [error occurred during error reporting (printing Java stack), id 0xc0000005]


    --------------- P R O C E S S ---------------

    Java Threads: ( => current thread )
    0x1660a000 JavaThread "JRE 1.6.0.24 Worker Thread" [_thread_blocked, id=1752, stack(0x17160000,0x17260000)]
    0x16609800 JavaThread "JRE 1.6.0.24 Output Reader Thread" [_thread_in_native, id=1464, stack(0x16ff0000,0x170f0000)]
    0x16609000 JavaThread "JRE 1.6.0.24 Output Reader Thread" [_thread_in_native, id=1992, stack(0x16c20000,0x16d20000)]
    0x16607c00 JavaThread "Thread-0" [_thread_in_native, id=272, stack(0x16da0000,0x16ea0000)]
    0x16607400 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=724, stack(0x16b10000,0x16c10000)]
    0x09157000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=764, stack(0x16870000,0x16970000)]
    0x09120c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1860, stack(0x162f0000,0x163f0000)]
    0x0911c000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=1400, stack(0x160c0000,0x161c0000)]
    0x09119c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=1320, stack(0x15b50000,0x15c50000)]
    0x09117c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1444, stack(0x15e70000,0x15f70000)]
    0x090fec00 JavaThread "Finalizer" daemon [_thread_blocked, id=1056, stack(0x15cc0000,0x15dc0000)]
    0x090fa000 JavaThread "Reference Handler" daemon [_thread_blocked, id=1724, stack(0x15940000,0x15a40000)]
    =>0x09068c00 JavaThread "main" [_thread_in_native, id=1344, stack(0x08f10000,0x09010000)]

    Other Threads:
    0x090f6000 VMThread [stack: 0x15a40000,0x15b40000] [id=1100]
    0x09131000 WatcherThread [stack: 0x164a0000,0x165a0000] [id=1424]

    VM state:not at safepoint (normal execution)

    VM Mutex/Monitor currently owned by a thread: None

    Heap
    def new generation total 4928K, used 1570K [0x0f940000, 0x0fe90000, 0x103e0000)
    eden space 4416K, 35% used [0x0f940000, 0x0fac89f8, 0x0fd90000)
    from space 512K, 0% used [0x0fd90000, 0x0fd90000, 0x0fe10000)
    to space 512K, 0% used [0x0fe10000, 0x0fe10000, 0x0fe90000)
    tenured generation total 10944K, used 0K [0x103e0000, 0x10e90000, 0x11940000)
    the space 10944K, 0% used [0x103e0000, 0x103e0000, 0x103e0200, 0x10e90000)
    compacting perm gen total 12288K, used 3165K [0x11940000, 0x12540000, 0x15940000)
    the space 12288K, 25% used [0x11940000, 0x11c57448, 0x11c57600, 0x12540000)
    No shared spaces configured.

    Dynamic libraries:
    0x00a10000 - 0x00aac000 C:\Program Files\Internet Explorer\iexplore.exe
    0x77020000 - 0x77148000 C:\Windows\system32\ntdll.dll
    0x75e10000 - 0x75eeb000 C:\Windows\system32\kernel32.dll
    0x75960000 - 0x75a26000 C:\Windows\system32\ADVAPI32.dll
    0x762c0000 - 0x76382000 C:\Windows\system32\RPCRT4.dll
    0x761f0000 - 0x7623b000 C:\Windows\system32\GDI32.dll
    0x75890000 - 0x7592d000 C:\Windows\system32\USER32.dll
    0x75c50000 - 0x75cfa000 C:\Windows\system32\msvcrt.dll
    0x75b10000 - 0x75b68000 C:\Windows\system32\SHLWAPI.dll
    0x763e0000 - 0x76ef0000 C:\Windows\system32\SHELL32.dll
    0x75ef0000 - 0x76034000 C:\Windows\system32\ole32.dll
    0x76ef0000 - 0x7701a000 C:\Windows\system32\urlmon.dll
    0x771f0000 - 0x7727d000 C:\Windows\system32\OLEAUT32.dll
    0x76390000 - 0x763d6000 C:\Windows\system32\iertutil.dll
    0x74f60000 - 0x74f68000 C:\Windows\system32\VERSION.dll
    0x76040000 - 0x7605e000 C:\Windows\system32\IMM32.DLL
    0x75b80000 - 0x75c48000 C:\Windows\system32\MSCTF.dll
    0x771e0000 - 0x771e9000 C:\Windows\system32\LPK.DLL
    0x76240000 - 0x762bd000 C:\Windows\system32\USP10.dll
    0x745d0000 - 0x7476e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
    0x71680000 - 0x71c50000 C:\Windows\system32\IEFRAME.dll
    0x757f0000 - 0x757f7000 C:\Windows\system32\PSAPI.DLL
    0x74590000 - 0x745cf000 C:\Windows\system32\UxTheme.dll
    0x74c20000 - 0x74c5b000 C:\Windows\system32\rsaenh.dll
    0x706c0000 - 0x706ef000 C:\Windows\system32\IEUI.dll
    0x74890000 - 0x74895000 C:\Windows\system32\MSIMG32.dll
    0x74230000 - 0x743db000 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll
    0x74560000 - 0x7458f000 C:\Windows\system32\xmllite.dll
    0x72bb0000 - 0x72c63000 C:\Windows\system32\WindowsCodecs.dll
    0x75720000 - 0x75734000 C:\Windows\system32\Secur32.dll
    0x73240000 - 0x7326c000 C:\Windows\system32\apphelp.dll
    0x75d80000 - 0x75e04000 C:\Windows\system32\CLBCatQ.DLL
    0x6fe60000 - 0x6fec0000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
    0x70a90000 - 0x70ae3000 C:\Windows\System32\actxprxy.dll
    0x75630000 - 0x7568f000 C:\Windows\system32\SXS.DLL
    0x75a30000 - 0x75b01000 C:\Windows\system32\WININET.dll
    0x75b70000 - 0x75b73000 C:\Windows\system32\Normaliz.dll
    0x723a0000 - 0x723d0000 C:\Windows\system32\MLANG.dll
    0x771b0000 - 0x771dd000 C:\Windows\system32\ws2_32.dll
    0x771a0000 - 0x771a6000 C:\Windows\system32\NSI.dll
    0x74ef0000 - 0x74f2b000 C:\Windows\system32\mswsock.dll
    0x74d90000 - 0x74d95000 C:\Windows\System32\wshtcpip.dll
    0x73050000 - 0x7309a000 C:\Windows\system32\RASAPI32.dll
    0x73180000 - 0x73194000 C:\Windows\system32\rasman.dll
    0x75450000 - 0x754c5000 C:\Windows\system32\NETAPI32.dll
    0x72cb0000 - 0x72ce1000 C:\Windows\system32\TAPI32.dll
    0x73230000 - 0x7323c000 C:\Windows\system32\rtutils.dll
    0x730a0000 - 0x730d2000 C:\Windows\system32\WINMM.dll
    0x73d90000 - 0x73dc9000 C:\Windows\system32\OLEACC.dll
    0x75740000 - 0x7575e000 C:\Windows\system32\USERENV.dll
    0x74b60000 - 0x74b6f000 C:\Windows\system32\NLAapi.dll
    0x75290000 - 0x752a9000 C:\Windows\system32\IPHLPAPI.DLL
    0x750b0000 - 0x750e5000 C:\Windows\system32\dhcpcsvc.DLL
    0x75360000 - 0x7538c000 C:\Windows\system32\DNSAPI.dll
    0x752d0000 - 0x752d7000 C:\Windows\system32\WINNSI.DLL
    0x75080000 - 0x750a1000 C:\Windows\system32\dhcpcsvc6.DLL
    0x73040000 - 0x73046000 C:\Windows\system32\rasadhlp.dll
    0x76060000 - 0x761ea000 C:\Windows\system32\SETUPAPI.dll
    0x73e00000 - 0x73ebb000 C:\Windows\system32\PROPSYS.dll
    0x74f50000 - 0x74f55000 C:\Windows\System32\wship6.dll
    0x72f20000 - 0x72f2f000 C:\Windows\system32\napinsp.dll
    0x72ed0000 - 0x72ee2000 C:\Windows\system32\pnrpnsp.dll
    0x72f00000 - 0x72f08000 C:\Windows\System32\winrnr.dll
    0x77150000 - 0x7719a000 C:\Windows\system32\WLDAP32.dll
    0x72e70000 - 0x72e95000 C:\Program Files\Bonjour\mdnsNSP.dll
    0x70340000 - 0x706b5000 C:\Windows\system32\mshtml.dll
    0x71580000 - 0x715a9000 C:\Windows\system32\msls31.dll
    0x6fe00000 - 0x6fe60000 C:\Windows\system32\ieapfltr.dll
    0x74530000 - 0x7455d000 C:\Windows\system32\WINTRUST.dll
    0x75190000 - 0x75281000 C:\Windows\system32\CRYPT32.dll
    0x75320000 - 0x75332000 C:\Windows\system32\MSASN1.dll
    0x75930000 - 0x75959000 C:\Windows\system32\imagehlp.dll
    0x74ba0000 - 0x74bc1000 C:\Windows\system32\NTMARTA.DLL
    0x75340000 - 0x75351000 C:\Windows\system32\SAMLIB.dll
    0x71370000 - 0x7137b000 C:\Windows\system32\msimtf.dll
    0x6fd80000 - 0x6fdfd000 C:\Windows\system32\jscript.dll
    0x74830000 - 0x7483c000 C:\Windows\system32\ImgUtil.dll
    0x70130000 - 0x70162000 C:\Windows\system32\iepeers.dll
    0x6fd30000 - 0x6fd72000 C:\Windows\system32\WINSPOOL.DRV
    0x70af0000 - 0x70afe000 C:\Windows\system32\pngfilt.dll
    0x6fcf0000 - 0x6fd29000 C:\Windows\system32\Dxtrans.dll
    0x74a90000 - 0x74aa4000 C:\Windows\system32\ATL.DLL
    0x701a0000 - 0x701aa000 C:\Windows\system32\ddrawex.dll
    0x6fc00000 - 0x6fce5000 C:\Windows\system32\DDRAW.dll
    0x70b00000 - 0x70b06000 C:\Windows\system32\DCIMAN32.dll
    0x738c0000 - 0x738cc000 C:\Windows\system32\dwmapi.dll
    0x6fb40000 - 0x6fb97000 C:\Windows\system32\Dxtmsft.dll
    0x6fa40000 - 0x6fab7000 C:\Windows\system32\mshtmled.dll
    0x71400000 - 0x71536000 C:\Windows\System32\msxml3.dll
    0x70180000 - 0x7018c000 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    0x6f9a0000 - 0x6fa3b000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\MSVCR80.dll
    0x74400000 - 0x7442f000 C:\Windows\system32\wdmaud.drv
    0x735a0000 - 0x735a4000 C:\Windows\system32\ksuser.dll
    0x744b0000 - 0x744d7000 C:\Windows\system32\MMDevAPI.DLL
    0x73500000 - 0x73507000 C:\Windows\system32\AVRT.dll
    0x6f920000 - 0x6f993000 C:\Windows\system32\msfeeds.dll
    0x30000000 - 0x303ae000 C:\Windows\system32\Macromed\Flash\Flash9e.ocx
    0x75d00000 - 0x75d73000 C:\Windows\system32\comdlg32.dll
    0x6f890000 - 0x6f915000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\COMCTL32.dll
    0x75130000 - 0x75137000 C:\Windows\system32\credssp.dll
    0x74c60000 - 0x74ca6000 C:\Windows\system32\schannel.dll
    0x6f820000 - 0x6f889000 C:\Windows\system32\vbscript.dll
    0x75040000 - 0x75075000 C:\Windows\system32\ncrypt.dll
    0x74ff0000 - 0x75035000 C:\Windows\system32\BCRYPT.dll
    0x74c00000 - 0x74c15000 C:\Windows\system32\GPAPI.dll
    0x750f0000 - 0x7512a000 C:\Windows\system32\slc.dll
    0x70a50000 - 0x70a58000 C:\Windows\system32\dispex.dll
    0x6fbd0000 - 0x6fbf6000 C:\Windows\system32\dssenh.dll
    0x709f0000 - 0x70a0b000 C:\Windows\system32\cryptnet.dll
    0x70bc0000 - 0x70bc6000 C:\Windows\system32\SensApi.dll
    0x73d10000 - 0x73d25000 C:\Windows\system32\Cabinet.dll
    0x6f680000 - 0x6f749000 C:\Program Files\QuickTime\QTPlugin.ocx
    0x6d8c0000 - 0x6e2f2000 C:\Windows\system32\wmp.dll
    0x6fba0000 - 0x6fbc3000 C:\Windows\system32\MSVFW32.dll
    0x6f5a0000 - 0x6f67c000 C:\Windows\system32\dbghelp.dll
    0x6d0f0000 - 0x6d8b6000 C:\Windows\system32\wmploc.dll
    0x70ff0000 - 0x71052000 C:\Windows\system32\mscms.dll
    0x08580000 - 0x0859f000 C:\Program Files\Java\jre6\bin\jp2iexp.dll
    0x7c340000 - 0x7c396000 C:\Program Files\Java\jre6\bin\MSVCR71.dll
    0x731c0000 - 0x731c7000 C:\Windows\system32\wsock32.dll
    0x0d4c0000 - 0x0d76c000 C:\PROGRA~1\Java\jre6\bin\client\jvm.dll
    0x08430000 - 0x0843c000 C:\PROGRA~1\Java\jre6\bin\verify.dll
    0x08610000 - 0x0862f000 C:\PROGRA~1\Java\jre6\bin\java.dll
    0x087c0000 - 0x087c8000 C:\PROGRA~1\Java\jre6\bin\hpi.dll
    0x08c70000 - 0x08c7f000 C:\PROGRA~1\Java\jre6\bin\zip.dll
    0x08f00000 - 0x08f06000 C:\Program Files\Java\jre6\bin\jp2native.dll
    0x09010000 - 0x09023000 C:\Program Files\Java\jre6\bin\deploy.dll
    0x09030000 - 0x09043000 C:\Program Files\Java\jre6\bin\net.dll

    VM Arguments:
    jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m
    java_command: <unknown>
    Launcher Type: generic

    Environment Variables:
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    PATH=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Windows\System32\WindowsPowerShell\v1.0\
    USERNAME=Buddy
    OS=Windows_NT
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel



    --------------- S Y S T E M ---------------

    OS: Windows Vista Build 6001 Service Pack 1

    CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 13, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3

    Memory: 4k page, physical 3135172k(2640516k free), swap 3279904k(2926388k free)

    vm_info: Java HotSpot(TM) Client VM (19.0-b09) for windows-x86 JRE (1.6.0_23-b05), built on Nov 12 2010 15:00:43 by "java_re" with MS VC++ 7.1 (VS2003)

    time: Tue Apr 05 19:00:10 2011
    elapsed time: 2 seconds
     
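    The log above is a HotSpot `hs_err_pid` fatal-error report. The two things worth pulling out of it when triaging a crash on a machine under investigation are (a) whether the reported "Problematic frame" really is where EIP points, which you confirm by mapping EIP onto the "Dynamic libraries" list, and (b) what kind of fault it was. Here the faulting address is 0x00000000 and the instruction at EIP is `8b 08` (`mov ecx,[eax]`) with EAX=0, i.e. an ordinary null-pointer read inside `jp2iexp.dll`, the Java plug-in's Internet Explorer bridge. The Python below is an added example written for this page, not a tool from the thread; the sample log it parses is a constructed excerpt with the values copied from the post above, and the `triage` and `decode_load` helpers are my own names.

    ```python
    import re

    # Constructed sample: a trimmed hs_err_pid-style log. The header, siginfo,
    # register dump, instruction bytes and three module lines are copied from the
    # crash posted above; everything the parser does not need is left out.
    SAMPLE_LOG = r"""
    #
    # A fatal error has been detected by the Java Runtime Environment:
    #
    # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x08583ed5, pid=660, tid=1344
    #
    # Problematic frame:
    # C [jp2iexp.dll+0x3ed5]
    #
    siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

    Registers:
    EAX=0x00000000, EBX=0x11abaa28, ECX=0x00000000, EDX=0x0900f86c
    ESP=0x0900f858, EBP=0x0900f858, ESI=0x00000000, EDI=0x09068c00
    EIP=0x08583ed5, EFLAGS=0x00010246

    Instructions: (pc=0x08583ed5)
    0x08583ec5: 33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
    0x08583ed5: 8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14

    Dynamic libraries:
    0x00a10000 - 0x00aac000 C:\Program Files\Internet Explorer\iexplore.exe
    0x08580000 - 0x0859f000 C:\Program Files\Java\jre6\bin\jp2iexp.dll
    0x0d4c0000 - 0x0d76c000 C:\PROGRA~1\Java\jre6\bin\client\jvm.dll
    """

    HEADER_RE = re.compile(
        r"(EXCEPTION_\w+) \((0x[0-9a-f]+)\) at pc=(0x[0-9a-f]+), pid=(\d+), tid=(\d+)")
    SIGINFO_RE = re.compile(r"ExceptionCode=0x[0-9a-f]+, (reading|writing) address (0x[0-9a-f]+)")
    FRAME_RE = re.compile(r"Problematic frame:\s*\n#\s*(\w)\s+\[([^+\]]+)\+(0x[0-9a-f]+)\]")
    REG_RE = re.compile(r"\b(E[A-Z]{2,5})=(0x[0-9a-f]+)")
    MODULE_RE = re.compile(r"^(0x[0-9a-f]+) - (0x[0-9a-f]+)\s+(\S.*?)\s*$", re.M)
    PC_BYTES_RE = re.compile(r"^(0x[0-9a-f]+):((?: [0-9a-f]{2})+)\s*$", re.M)
    REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]


    def locate(pc, modules):
        """Map an address onto the module list; returns (basename, offset) or (None, None)."""
        for lo, hi, path in modules:
            if lo <= pc < hi:
                return path.replace("/", "\\").rsplit("\\", 1)[-1], pc - lo
        return None, None


    def bytes_at(text, pc):
        """Raw bytes HotSpot dumped at the faulting instruction, or b'' if absent."""
        for addr, hexs in PC_BYTES_RE.findall(text):
            if int(addr, 16) == pc:
                return bytes.fromhex(hexs.replace(" ", ""))
        return b""


    def decode_load(code):
        """Decode only the one x86 form needed here: 8B /r with mod=00, i.e.
        MOV r32, [base]. Returns (dest, base) or None for anything else."""
        if len(code) < 2 or code[0] != 0x8B:
            return None
        modrm = code[1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod != 0 or rm in (4, 5):  # SIB / disp32 encodings are out of scope
            return None
        return REG32[reg], REG32[rm]


    def verdict(code, fault, load, regs):
        """Classify the fault. Windows keeps the low 64 KiB of every process
        unmapped, so a faulting address below 0x10000 is NULL plus a small offset."""
        if code != 0xC0000005:
            return "not an access violation"
        if fault is None:
            return "access violation, faulting address not recorded"
        kind = ("null-pointer dereference" if fault < 0x10000
                else "access violation at %#x, pointer may be corrupt" % fault)
        if load and regs.get(load[1]) == fault:
            kind += " through %s (mov %s,[%s])" % (load[1], load[0].lower(), load[1].lower())
        return kind


    def triage(text):
        """Extract the fields a responder wants from an hs_err log and cross-check them."""
        m = HEADER_RE.search(text)
        if not m:
            raise ValueError("not a HotSpot fatal error log")
        exc, code, pc = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
        regs = {n: int(v, 16) for n, v in REG_RE.findall(text)}
        modules = [(int(lo, 16), int(hi, 16), p) for lo, hi, p in MODULE_RE.findall(text)]
        module, offset = locate(pc, modules)
        s = SIGINFO_RE.search(text)
        access, fault = (s.group(1), int(s.group(2), 16)) if s else (None, None)
        f = FRAME_RE.search(text)
        reported = (f.group(2), int(f.group(3), 16)) if f else None
        load = decode_load(bytes_at(text, pc))
        return {
            "exception": exc, "pc": pc, "module": module, "offset": offset,
            "reported_frame": reported,
            "frame_consistent": reported == (module, offset),  # EIP agrees with HotSpot's frame
            "access": access, "fault_addr": fault,
            "verdict": verdict(code, fault, load, regs),
        }


    if __name__ == "__main__":
        for k, v in triage(SAMPLE_LOG).items():
            print("%-17s %s" % (k, hex(v) if isinstance(v, int) else v))
    ```

    On the posted log this reports the frame as consistent (`0x08583ed5 - 0x08580000 = 0x3ed5`, matching `jp2iexp.dll+0x3ed5`) and the verdict as a null-pointer read through EAX. A fault address far from zero, or an EIP that does not land inside any listed module, is the case that deserves a closer look; a null read in a plug-in's glue code is the common, uninteresting crash signature.
    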