Solved 8 Step Logs


Sheena314

I have been having some issues with my computer, so I did the scans and have posted the logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4210

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

10/11/2010 6:42:21 PM
mbam-log-2010-10-11 (18-42-21).txt

Scan type: Quick scan
Objects scanned: 138534
Time elapsed: 15 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-11 23:56:45
Windows 6.0.6002 Service Pack 2
Running: pi8iml7k.exe; Driver: C:\Users\Gordon\AppData\Local\Temp\kxroqaod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74557817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7455BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7454F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7454E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74588395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7455DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7454FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7454FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [745DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7457C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7454D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74546853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7454687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74552AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 
DDS (Ver_10-10-10.03) - NTFSx86
Run by Gordon at 0:05:14.93 on Tue 10/12/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1002 [GMT -7:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton Security Suite *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Gordon\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Gordon\Downloads\dds.scr
C:\Program Files\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net?cid=060410
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\gordon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\
FF - prefs.js: browser.search.selectedEngine - Comcast Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency.dll
FF - component: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.5.dll
FF - component: c:\users\gordon\appdata\roaming\mozilla\firefox\profiles\d3pl6lot.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gordon\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-5 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101011.001\IDSvix86.sys [2010-9-15 353840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-6-1 339504]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-11 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]
S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-11 07:19:43 -------- d-----w- c:\program files\Synaptics
2010-10-11 07:14:32 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-10-11 07:14:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-10 22:29:56 -------- d-----w- c:\program files\Speccy
2010-10-10 22:29:51 -------- d-----w- c:\program files\Defraggler
2010-10-09 21:08:39 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{dd54f636-0337-4cf9-a8cf-6da2b689292d}\mpengine.dll
2010-10-02 04:58:34 -------- d-----w- c:\program files\Feedback Tool
2010-09-28 17:54:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 17:54:16 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-26 18:21:35 -------- d-----w- c:\program files\DivX
2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-15 23:21:53 -------- d-----w- c:\users\gordon\appdata\roaming\Coby Media Manager
2010-09-15 07:09:51 -------- d-----w- c:\users\gordon\appdata\roaming\Coby
2010-09-15 00:10:41 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 00:10:33 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 00:10:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 00:10:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-15 00:10:12 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 0:07:31.68 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/7/2007 11:13:43 PM
System Uptime: 10/12/2010 12:01:10 AM (0 hours ago)

Motherboard: Quanta | | 30CF
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 | Socket S1 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 107.55 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.737 GiB free.
E: is CDROM ()
H: is FIXED (NTFS) - 1 GiB total, 1.034 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
AIO_Scan
Apple Software Update
AviSynth 2.5
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
CA Pest Patrol Realtime Protection
CameraDrivers
CameraUserGuides
CCleaner
Coby Media Manager
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.5
Conexant HD Audio
Copy
CustomerResearchQFolder
Defraggler
Desktop Doctor
Destination Component
DeviceDiscovery
DivX Setup
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Feedback Tool
Gcabby2
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Participation Program 9.0
HP Doc Viewer
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Cameras 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Detection
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPAsset component for HP Active Support Library
hpicamDrvQFolder
HPNetworkAssistant
HPProductAssistant
HPSSupply
InstantShareDevicesMFC
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
LightScribe 1.6.43.1
LimeWire 5.5.16
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.10)
MSCU for Microsoft Vista
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
Norton Security Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PanoStandAlone
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SmartAudio
SolutionCenter
Speccy
SpeedFan (remove only)
SpywareBlaster 4.3
Status
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
System Requirements Lab
Toolbox
TrayApp
TSP_CODEC
Universal Viewer
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC Sync (CE) Y!Epic Community Ed. v2.0.0.4
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

10/9/2010 7:33:05 AM, Error: EventLog [6008] - The previous system shutdown at 7:00:23 AM on 10/9/2010 was unexpected.
10/7/2010 7:24:43 PM, Error: EventLog [6008] - The previous system shutdown at 7:15:45 PM on 10/7/2010 was unexpected.
10/7/2010 2:50:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
10/7/2010 2:02:39 PM, Error: EventLog [6008] - The previous system shutdown at 1:52:19 PM on 10/7/2010 was unexpected.
10/7/2010 10:55:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
10/6/2010 6:36:18 AM, Error: EventLog [6008] - The previous system shutdown at 6:26:18 AM on 10/6/2010 was unexpected.
10/5/2010 9:54:31 AM, Error: EventLog [6008] - The previous system shutdown at 9:52:53 AM on 10/5/2010 was unexpected.
10/5/2010 7:46:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
10/12/2010 12:03:14 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/12/2010 12:01:49 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/11/2010 7:57:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
10/11/2010 7:56:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
10/11/2010 7:35:55 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
10/11/2010 7:35:55 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
10/11/2010 7:34:07 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:08 PM on 10/11/2010 was unexpected.
10/11/2010 5:02:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
10/11/2010 12:58:20 AM, Error: EventLog [6008] - The previous system shutdown at 12:55:59 AM on 10/11/2010 was unexpected.
10/11/2010 12:57:27 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
10/11/2010 10:28:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/11/2010 10:27:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
10/11/2010 10:27:25 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/11/2010 10:26:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/11/2010 10:26:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/11/2010 10:26:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/11/2010 10:26:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/11/2010 10:26:08 PM, Error: EventLog [6008] - The previous system shutdown at 10:23:57 PM on 10/11/2010 was unexpected.
10/11/2010 10:10:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
10/10/2010 8:59:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
10/10/2010 8:01:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
10/10/2010 3:34:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/10/2010 3:34:01 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2010 3:34:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/10/2010 3:11:39 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2010 2:28:59 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/10/2010 2:26:18 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
10/10/2010 2:19:49 PM, Error: EventLog [6008] - The previous system shutdown at 2:17:17 PM on 10/10/2010 was unexpected.
10/10/2010 12:07:12 PM, Error: EventLog [6008] - The previous system shutdown at 12:05:21 PM on 10/10/2010 was unexpected.
10/10/2010 10:09:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
10/10/2010 1:33:40 PM, Error: EventLog [6008] - The previous system shutdown at 1:32:01 PM on 10/10/2010 was unexpected.

==== End Of File ===========================
 
Here is my computer information:
Processor type: AMD Athlon (tm) 64 X2 Dual-core processor tk-55 1.80 GHz

RAM: 2GB

Hard Drive size/free space:
Local Disk (c)- 83.1GB free/140GB
HP recovery- 1.80GB free/ 8.42GB
32-bit operating system


I am wondering if a virus issue is connected with my touchpad acting strangely, which I addressed in another thread.
(https://www.techspot.com/vb/topic147363.html)

Also, the GMER scan was having some problems, so it may not have found everything.
 
You're not saying what your computer issues are.

GMER log is incomplete.
Please, rerun it.
 
Sorry, my computer issues are that it stalls. My scanner keeps saying there is a suspicious cloud virus.
I will post the GMER log once it finishes. It takes a long long time.
 
One quick question.
I know it was said in the original 8 Step thread that if GMER has problems I can start it in safe mode. Will doing this cause the scanner to miss any files, since not all programs are available for use during safe mode?
 
Oh okay, just making sure, since it seemed like not as many files showed up in the scan when I attempted it in regular mode. :)
Here is the log:




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-15 22:28:33
Windows 6.0.6002 Service Pack 2
Running: pi8iml7k.exe; Driver: C:\Users\Gordon\AppData\Local\Temp\kxroqaod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74057817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [740AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7405BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7404F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [740575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7404E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74088395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7405DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7404FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7404FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [740471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [740DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7407C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7404D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74046853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7404687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1796] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74052AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here are the requested logs:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6500 Notebook PC
Logical Drives Mask: 0x0000009c

Kernel Drivers (total 167):
0x82619000 \SystemRoot\system32\ntkrnlpa.exe
0x829D2000 \SystemRoot\system32\hal.dll
0x80603000 \SystemRoot\system32\kdcom.dll
0x8060A000 \SystemRoot\system32\PSHED.dll
0x8061B000 \SystemRoot\system32\BOOTVID.dll
0x80623000 \SystemRoot\system32\CLFS.SYS
0x80664000 \SystemRoot\system32\CI.dll
0x80744000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807B5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x87C01000 \SystemRoot\system32\drivers\acpi.sys
0x87C47000 \SystemRoot\system32\drivers\WMILIB.SYS
0x87C50000 \SystemRoot\system32\drivers\msisadrv.sys
0x87C58000 \SystemRoot\system32\drivers\pci.sys
0x87C7F000 \SystemRoot\System32\drivers\partmgr.sys
0x87C8E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x87C91000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x87C9B000 \SystemRoot\system32\drivers\volmgr.sys
0x87CAA000 \SystemRoot\System32\drivers\volmgrx.sys
0x87CF4000 \SystemRoot\system32\drivers\pciide.sys
0x87CFB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x87D09000 \SystemRoot\System32\drivers\mountmgr.sys
0x87D19000 \SystemRoot\system32\drivers\atapi.sys
0x87D21000 \SystemRoot\system32\drivers\ataport.SYS
0x87D3F000 \SystemRoot\system32\drivers\fltmgr.sys
0x87D71000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMDS.SYS
0x87DC7000 \SystemRoot\system32\drivers\fileinfo.sys
0x807C3000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMEFA.SYS
0x87DD7000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x87E04000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87E75000 \SystemRoot\system32\drivers\ndis.sys
0x87F80000 \SystemRoot\system32\drivers\msrpc.sys
0x87FAB000 \SystemRoot\system32\drivers\NETIO.SYS
0x88003000 \SystemRoot\System32\drivers\tcpip.sys
0x880ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88312000 \SystemRoot\system32\drivers\volsnap.sys
0x8834B000 \SystemRoot\System32\Drivers\spldr.sys
0x88353000 \SystemRoot\system32\speedfan.sys
0x88355000 \SystemRoot\System32\Drivers\mup.sys
0x88364000 \SystemRoot\system32\giveio.sys
0x88365000 \SystemRoot\System32\drivers\ecache.sys
0x8838C000 \SystemRoot\system32\drivers\disk.sys
0x8839D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x883BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x883E7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x883F2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88108000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x883FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88118000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8811B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8812B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x88132000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8813B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8813E000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88148000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88186000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88195000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x881AD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8C007000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C094000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C0A4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C0B2000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C0CC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8C0DB000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8C0EF000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C209000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8C309000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C40A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CB3C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CBDD000 \SystemRoot\System32\drivers\watchdog.sys
0x8CBE9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C38F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C39A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CBFC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C3D5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C140000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C16F000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C1B0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C3EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C1C7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C1EA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x881B3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x881C7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x881DC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CBFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CE09000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CE33000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CE3D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CE4A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8CE53000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CE88000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CE99000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8CECC000 \SystemRoot\system32\drivers\portcls.sys
0x8CEF9000 \SystemRoot\system32\drivers\drmk.sys
0x8CF1E000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D205000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D308000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D3BD000 \SystemRoot\system32\drivers\modem.sys
0x8D3CA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D3D3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8CF5C000 \SystemRoot\System32\Drivers\N360\0402000.00C\SRTSP.SYS
0x8D3DB000 \SystemRoot\system32\drivers\N360\0402000.00C\Ironx86.SYS
0x8CFB3000 \SystemRoot\system32\drivers\N360\0402000.00C\SRTSPX.SYS
0x8E60D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVEX15.SYS
0x8E75B000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8E780000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVENG.SYS
0x8E794000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E79D000 \SystemRoot\System32\Drivers\Null.SYS
0x8E7A4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E7AB000 \SystemRoot\System32\drivers\vga.sys
0x8E7B7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E7D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E7E0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E7E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CFBD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E7F3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CFCB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90203000 \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
0x9025C000 \SystemRoot\system32\DRIVERS\smb.sys
0x90270000 \SystemRoot\system32\drivers\afd.sys
0x902B8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x902EA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90300000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9030E000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x90310000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90323000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x90344000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9034A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90386000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90390000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.003\IDSvix86.sys
0x97201000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9725F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9727C000 \SystemRoot\System32\Drivers\dfsc.sys
0x97293000 \SystemRoot\system32\drivers\N360\0402000.00C\ccHPx86.sys
0x97312000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
0x973BE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x973D4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x973E1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x973EC000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9FA60000 \SystemRoot\System32\win32k.sys
0x973F4000 \SystemRoot\System32\drivers\Dxapi.sys
0x903EB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9FC80000 \SystemRoot\System32\TSDDD.dll
0x9FCA0000 \SystemRoot\System32\cdd.dll
0x8CFE1000 \SystemRoot\system32\drivers\luafv.sys
0xA760A000 \SystemRoot\system32\drivers\spsys.sys
0xA76BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA76CA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA76F4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA76FE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA7711000 \SystemRoot\system32\drivers\HTTP.sys
0xA777E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA779B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA77B4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA77C9000 \SystemRoot\system32\drivers\mrxdav.sys
0x883C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8201000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA823A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA8252000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA827A000 \SystemRoot\System32\DRIVERS\srv.sys
0xA82E0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA82E4000 \SystemRoot\system32\drivers\peauth.sys
0xA83C2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA83CC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA83D8000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x77B00000 \Windows\System32\ntdll.dll

Processes (total 96):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
524 csrss.exe
576 C:\Windows\System32\wininit.exe
584 csrss.exe
624 C:\Windows\System32\winlogon.exe
660 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\nvvsvc.exe
904 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\audiodg.exe
1216 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\SLsvc.exe
1264 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\rundll32.exe
1472 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\spoolsv.exe
1724 C:\Windows\System32\svchost.exe
1936 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
1972 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2004 C:\Program Files\Bonjour\mDNSResponder.exe
2024 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
12 C:\Windows\System32\svchost.exe
568 C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
1452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1784 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
1916 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
1644 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\svchost.exe
2056 C:\Windows\System32\svchost.exe
2108 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
2160 C:\Windows\System32\svchost.exe
2256 C:\Windows\System32\svchost.exe
2280 C:\Windows\System32\SearchIndexer.exe
2396 C:\Windows\System32\drivers\XAudio.exe
2592 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2700 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2752 C:\Windows\System32\dwm.exe
2784 C:\Windows\System32\taskeng.exe
2856 C:\Windows\explorer.exe
2972 C:\Windows\System32\taskeng.exe
3396 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
3220 dllhost.exe
1768 C:\Program Files\Windows Defender\MSASCui.exe
2956 C:\Program Files\HP\QuickPlay\QPService.exe
1176 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
980 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3188 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2580 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
2628 C:\Windows\PixArt\Pac207\Monitor.exe
1840 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2736 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
320 C:\Windows\System32\rundll32.exe
2212 C:\Program Files\Winamp\winampa.exe
2744 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3780 WmiPrvSE.exe
2616 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3260 C:\Windows\ehome\ehtray.exe
3936 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
156 C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
4032 C:\Windows\ehome\ehmsas.exe
3828 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4072 C:\Users\Gordon\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
2552 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4328 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
4384 C:\Program Files\Mozilla Firefox\firefox.exe
4420 C:\Windows\System32\SearchProtocolHost.exe
4712 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
6120 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
5928 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
4448 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
5652 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
5984 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
5016 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
5964 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
5988 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
2484 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
2544 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
2504 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
2492 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
2088 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
3788 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
4100 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
4168 C:\Users\Gordon\AppData\Local\Google\Chrome\Application\chrome.exe
4832 C:\Windows\System32\SndVol.exe
5644 C:\Program Files\Mozilla Firefox\plugin-container.exe
1444 taskeng.exe
5400 C:\Windows\System32\SearchFilterHost.exe
3840 C:\Users\Gordon\Downloads\MBRCheck (1).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`27caea00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000024`fed00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC7BP

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
ComboFix 10-10-20.01 - Gordon 10/20/2010 21:47:42.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.449 [GMT -7:00]
Running from: c:\users\Gordon\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Suite *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
.

2010-10-21 04:58 . 2010-10-21 04:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-10-21 04:58 . 2010-10-21 04:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-21 04:58 . 2010-10-21 04:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-20 16:00 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CC01920-FBD3-4C86-838F-6167BFE016E8}\mpengine.dll
2010-10-14 05:28 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 05:28 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 05:27 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 05:27 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 05:27 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 05:27 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 05:27 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 05:26 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 05:24 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 05:24 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 05:24 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 05:05 . 2010-10-14 05:05 -------- d-----w- c:\programdata\WindowsSearch
2010-10-14 05:00 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 07:19 . 2010-10-11 07:19 -------- d-----w- c:\program files\Synaptics
2010-10-11 07:14 . 2009-08-07 16:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-10-11 07:14 . 2010-05-28 05:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-10 22:29 . 2010-10-10 22:30 -------- d-----w- c:\program files\Speccy
2010-10-10 22:29 . 2010-10-10 22:30 -------- d-----w- c:\program files\Defraggler
2010-10-02 04:58 . 2010-10-02 04:58 -------- d-----w- c:\program files\Feedback Tool
2010-09-28 17:54 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 17:54 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-26 18:21 . 2010-09-26 18:22 -------- d-----w- c:\program files\DivX
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{164d3751-cac6-4a6d-becd-ea67df61d232}]
2010-07-29 13:10 259584 ----a-w- c:\program files\comcasttb\auxi\comcastAu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-25 133104]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2010-03-20 00:27 5248312 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101020.001\IDSvix86.sys [2010-10-19 353840]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe [2010-02-26 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:03]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 21:03]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044339872-1800818904-3149626244-1003Core.job
- c:\users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 03:16]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1044339872-1800818904-3149626244-1003UA.job
- c:\users\Gordon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-25 03:16]

2010-10-21 c:\windows\Tasks\User_Feed_Synchronization-{468A7041-2846-4BA6-9013-506450816A76}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net?cid=060410
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\
FF - prefs.js: browser.search.selectedEngine - Comcast Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\components\dtTransparency.dll
FF - component: c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\components\dtTransparency3.5.dll
FF - component: c:\users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\d3pl6lot.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Gordon\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll

- - - - - - - > 'Explorer.exe'(156)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-10-20 22:03:36
ComboFix-quarantined-files.txt 2010-10-21 05:03
ComboFix2.txt 2010-10-12 18:57
ComboFix3.txt 2010-06-14 04:00

Pre-Run: 104,408,281,088 bytes free
Post-Run: 104,349,159,424 bytes free

- - End Of File - - F6B35D77C7F084EC11A08BDD722CCCBD
 
Your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on the NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on the BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
When I click on the burnitcd.cmd file, it says that windows can not find it, making the program unable to run. How should I go about fixing this issue?

Edit: I am opening it using the WinRAR program, since it would not open on its own.
 
The exact message is: "Windows can not find burnCDCC.exe. Make sure you typed the name correctly, and then try again."
This occurs when I click the file requested.
Should this program be placed in a specific folder, like system 32 or something like that?
 
I tried again and had the same issue. Is there another source I could use?
Edit: Before the message comes up and the command window closes, the following message appears in the command prompt window: c:Users\Gordon\Desktop>Start "" BurnCDCC.exe /f /v /s=4 /i=NTBR_CD.iso

I am not sure what I am doing wrong, and why WinRAR isn't reading the program.
 
Let's try a different way....

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:


Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed, type Exit, press Enter and restart the computer.

Post a fresh MBRCheck log.
 
Here is the MBR log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6500 Notebook PC
Logical Drives Mask: 0x0000009c

Kernel Drivers (total 166):

Processes (total 97):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`27caea00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000024`fed00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC7BP

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
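
The kind of check behind the "MBR Status" line in the log above, as an added example that is not part of the original thread and is not MBRCheck's own code: it splits a 512-byte MBR sector into boot code and partition table, hashes the boot code, and compares it against a reference list. Hashing exactly the first 440 bytes is an assumption (the log does not say which bytes MBRCheck hashes), and the sample sectors and reference hash are constructed; the partition start of sector 63 matches the 0x7e00 offset the log reports for C:.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the bootstrap code
DISK_SIG_OFF = 440       # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # required at bytes 510-511


def parse_mbr(sector):
    """Split a 512-byte MBR sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        part_type = entry[4]
        if part_type == 0x00:          # unused slot
            continue
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": index,
            "bootable": entry[0] == 0x80,
            "type": part_type,
            "byte_offset": lba_start * SECTOR_SIZE,
            "size_bytes": sector_count * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify_boot_code(sector, known_good):
    """Return the label of a recognised boot-code hash, else 'unknown boot code'."""
    info = parse_mbr(sector)
    return known_good.get(info["boot_code_sha1"], "unknown boot code")


def build_sector(boot_code, lba_start=63, sector_count=2048):
    """Constructed sample sector with one bootable NTFS (type 0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        lba_start, sector_count)
    table = entry + b"\x00" * 48       # three empty slots
    return code + disk_sig + table + BOOT_SIG


# Constructed samples: same partition table, different boot code.
CLEAN = build_sector(b"\xfa\x33\xc0 constructed reference loader")
TAMPERED = build_sector(b"\xeb\x5e constructed replacement loader")

# Constructed reference list; a real one would hold hashes of vendor boot code.
KNOWN_GOOD = {parse_mbr(CLEAN)["boot_code_sha1"]: "reference boot code (constructed)"}

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        info = parse_mbr(sector)
        first = info["partitions"][0]
        print(name, classify_boot_code(sector, KNOWN_GOOD),
              "partition 0 at offset", hex(first["byte_offset"]))
```

Both samples report the same partition at offset 0x7e00 while only the boot-code verdict differs, which is why rewriting the boot code (MBRWORK's "Install Standard MBR code" or bootrec /FixMbr) can clear the infection without touching the partition table.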
 
Looks good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 