TechSpot

Host of problems: Pop-ups, redirections, printer failure etc

By Jimpact
Oct 10, 2010
  1. Hey guys, after attempts to clean up my laptop before, it continues to frustrate me. Whilst none of the problems have been dire in affecting my day-to-day usage, there comes a point where it just frustrates you too much. It also seems to be getting more problematic. Whilst I can't recall all issues I've had, here are some:

    - Constant pop-up tabs in Firefox, usually ads relating to things I've searched in Google
    - Unable to use printers due to 'spooler' problems
    - A new one is Google results redirecting to ad pages
    - IE doesn't work at all
    - Unable to run Windows Update, amongst other updates

    I'm running on Windows 7.

    As per instructions, here are my logs...

    MBAM
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4792

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/10/2010 12:55:57 PM
    mbam-log-2010-10-11 (12-55-57).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 284242
    Time elapsed: 48 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    DDS
    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Jizzim at 13:09:10.15 on Mon 11/10/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1714 [GMT 11:00]

    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Users\Jizzim\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [EPSON Stylus CX3900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\windows\temp\E_S11BB.tmp" /EF "HKCU"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
    mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [CheckPoint Cleanup] c:\users\jizzim\appdata\local\temp\cpes_clean_launcher.exe c:\users\jizzim\appdata\local\temp\cpes_clean.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\jizzim\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jizzim\appdata\roaming\mozilla\firefox\profiles\j93md7hc.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jizzim\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-14 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-8 162640]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe [2010-3-4 81920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-8 19024]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-8 51792]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1357464]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2010-3-4 126392]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-14 1153368]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-4 29472]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-10 228408]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-13 125056]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-22 66592]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 204288]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

    =============== Created Last 30 ================

    2010-10-11 01:04:12 -------- d-----w- c:\users\jizzim\appdata\roaming\Malwarebytes
    2010-10-11 01:03:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-11 01:03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-11 01:03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-11 01:03:32 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-06 04:53:45 -------- d-----w- c:\users\jizzim\appdata\roaming\WildTangent
    2010-09-23 01:10:51 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-18 09:55:26 44544 ----a-w- c:\windows\system32\GIF89.DLL
    2010-09-18 09:55:26 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
    2010-09-18 09:55:21 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
    2010-09-18 09:55:21 15360 ----a-w- c:\windows\system32\inetfr.DLL
    2010-09-18 09:55:21 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-09-18 09:55:20 484352 ----a-w- c:\windows\system32\lame_enc.dll
    2010-09-18 09:55:20 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-09-18 09:55:20 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2010-09-18 09:55:20 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2010-09-18 09:55:20 -------- d-----w- c:\users\jizzim\appdata\roaming\FreeBurner
    2010-09-18 09:55:20 -------- d-----w- c:\program files\Free Easy Burner
    2010-09-14 02:45:42 -------- d-----w- c:\users\jizzim\appdata\local\DOSBox
    2010-09-14 02:45:14 -------- d-----w- C:\DOSGAMES
    2010-09-14 02:44:29 -------- d-----w- c:\program files\DOSBox-0.74

    ==================== Find3M ====================

    2010-08-12 12:15:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-07 04:17:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-16 03:51:00 14904 ----a-w- c:\windows\help\oem\scripts\LaunchHPForums.exe

    ============= FINISH: 13:09:54.72 ===============


    Happy to run other programs/logs on request.

    Help is greatly appreciated and I thank anyone who takes the time to look into this.

    Cheers,

    ~Jimpact
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please, don't wrap logs in quotes.

    Attach.txt part of DDS scan is missing, along with GMER log.
     
  3. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    Thanks! :)

    I don't think I can run GMER, I'm running Windows 7, attempted and the computer crashed.

    Here is the attach...

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/03/2010 6:26:14 PM
    System Uptime: 10/11/2010 12:56:54 PM (-719 hours ago)

    Motherboard: Hewlett-Packard | | 3659
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 2267/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 454 GiB total, 354.775 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.941 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP62: 23/08/2010 3:52:20 PM - Scheduled Checkpoint
    RP63: 30/08/2010 1:41:53 PM - Installed FoodWorks 2009
    RP64: 13/09/2010 8:15:59 PM - Scheduled Checkpoint
    RP65: 22/09/2010 1:58:46 PM - Scheduled Checkpoint
    RP66: 4/10/2010 3:17:35 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    7-Zip 4.65
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0 MUI
    Adobe Shockwave Player
    Audacity 1.2.6
    avast! Free Antivirus
    BitTornado 0.3.17
    Broadcom 802.11 Wireless LAN Adapter
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    DVD Decrypter (Remove Only)
    DVD Menu Pack for HP MediaSmart Video
    DVD Shrink 3.2
    Easy DVD Clone
    ENE CIR Receiver Driver
    EPSON Printer Software
    ESU for Microsoft Windows 7
    Facebook Plug-In
    FLV Player 2.0 (build 25)
    FoodWorks 2009
    Free Easy Burner V 4.1
    HP 3D DriveGuard
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Integrated Module with Bluetooth wireless technology
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Live TV
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart Webcam
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0154
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    IDT Audio
    Intel(R) Turbo Boost Technology Driver
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    LabelPrint
    LAME v3.98.2 for Audacity
    Last.fm 1.5.4.24567
    LightScribe System Software
    LSI HDA Modem
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Professional Edition 2003
    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox (3.6.10)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    Norton Online Backup
    NVIDIA Drivers
    OpenOffice.org 3.2
    Pharos
    Power2Go
    PowerDirector
    QLBCASL
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Recovery Manager
    SoftStylus
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Ultimate Paint 2.88 Freeware Edition
    Virgin Mobile
    Virtual DJ - Atomix Productions
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer

    ==== Event Viewer Messages From Past Week ========

    8/10/2010 10:24:30 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "C80AA920B288" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
    11/10/2010 12:57:41 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2010 11:58:53 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    11/10/2010 10:02:26 AM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
    11/10/2010 1:04:51 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    11/10/2010 1:01:38 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================


    Cheers.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    GMER won't run on Windows 7 64-bit, but in any case....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    Alright, ComboFix took ages, but I got it done!

    MBRCheck
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 220):
    0x8303B000 \SystemRoot\system32\ntkrnlpa.exe
    0x83004000 \SystemRoot\system32\halmacpi.dll
    0x80BCB000 \SystemRoot\system32\kdcom.dll
    0x83628000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x836A0000 \SystemRoot\system32\PSHED.dll
    0x836B1000 \SystemRoot\system32\BOOTVID.dll
    0x836B9000 \SystemRoot\system32\CLFS.SYS
    0x836FB000 \SystemRoot\system32\CI.dll
    0x8BC00000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8BC71000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8BC7F000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8BCC7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8BCD0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8BCD8000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8BD02000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8BD0D000 \SystemRoot\system32\DRIVERS\isapnp.sys
    0x8BD1C000 \SystemRoot\system32\DRIVERS\mpio.sys
    0x8BD40000 \SystemRoot\System32\drivers\partmgr.sys
    0x8BD51000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8BD59000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8BD64000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8BD74000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8BDBF000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x8BDC6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8BDD4000 \SystemRoot\system32\DRIVERS\aliide.sys
    0x8BDDB000 \SystemRoot\system32\DRIVERS\amdide.sys
    0x8BDE2000 \SystemRoot\system32\DRIVERS\cmdide.sys
    0x8BDEA000 \SystemRoot\System32\drivers\mountmgr.sys
    0x837A6000 \SystemRoot\system32\DRIVERS\msdsm.sys
    0x837C6000 \SystemRoot\system32\DRIVERS\nvraid.sys
    0x83600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x837E5000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x837EC000 \SystemRoot\system32\DRIVERS\viaide.sys
    0x8BE3B000 \SystemRoot\system32\DRIVERS\iaStorV.sys
    0x8BF16000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8BFF0000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8BE00000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8BE23000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
    0x8C031000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C078000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x8C082000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
    0x8C095000 \SystemRoot\system32\DRIVERS\adp94xx.sys
    0x8C0FF000 \SystemRoot\system32\DRIVERS\adpahci.sys
    0x8C14B000 \SystemRoot\system32\DRIVERS\adpu320.sys
    0x8C171000 \SystemRoot\system32\DRIVERS\djsvs.sys

    Processes (total 76):
    0 System Idle Process
    4 System
    332 C:\Windows\System32\smss.exe
    492 csrss.exe
    568 C:\Windows\System32\wininit.exe
    620 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    792 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\nvvsvc.exe
    916 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
    1304 C:\Windows\System32\svchost.exe
    1412 C:\Windows\System32\hpservice.exe
    1488 C:\Windows\System32\svchost.exe
    1576 C:\Windows\System32\wlanext.exe
    1584 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1596 C:\Windows\System32\conhost.exe
    1616 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    304 C:\Windows\System32\svchost.exe
    1432 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
    1600 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    488 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2060 C:\Windows\System32\svchost.exe
    2132 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2200 C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
    2252 C:\Windows\System32\svchost.exe
    2312 C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
    2348 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2392 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2564 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2960 unsecapp.exe
    3224 WmiPrvSE.exe
    1864 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3888 C:\Windows\System32\SearchIndexer.exe
    4004 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4456 C:\Windows\System32\svchost.exe
    4820 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5092 C:\Windows\System32\svchost.exe
    3656 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    4664 C:\Windows\System32\svchost.exe
    4304 csrss.exe
    5924 C:\Windows\System32\winlogon.exe
    5548 C:\Windows\System32\nvvsvc.exe
    3664 C:\Windows\System32\taskhost.exe
    3904 C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
    3220 C:\Windows\System32\dwm.exe
    3300 C:\Windows\explorer.exe
    3568 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3556 C:\Program Files\IDT\WDM\sttray.exe
    2720 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    128 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    508 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    5604 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3464 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    668 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    3764 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    4280 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    4248 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3892 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3084 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    5492 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    2372 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    5852 C:\Windows\System32\taskeng.exe
    5744 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    4696 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    5140 C:\Windows\System32\msiexec.exe
    5812 C:\Program Files\Mozilla Firefox\firefox.exe
    3848 C:\Windows\System32\audiodg.exe
    784 dllhost.exe
    3860 dllhost.exe
    2744 C:\Users\Jizzim\Downloads\MBRCheck.exe
    2272 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`7bf00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

    PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC72E

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 510DDE42DA0E4925CCDCFC002F89829DEBC1AD2D


    Found non-standard or infected MBR.
     
  6. Jimpact


    ComboFix
    ComboFix 10-10-10.02 - Jizzim 11/10/2010 14:36:32.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1970 [GMT 11:00]
    Running from: c:\users\Jizzim\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    c:\windows\system32\spool\prtprocs\w32x86\PSR0244A.DLL

    Infected copy of c:\windows\system32\drivers\blbdrive.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
    .

    2010-10-11 03:43 . 2010-10-11 04:06 -------- d-----w- c:\users\Jizzim\AppData\Local\temp
    2010-10-11 03:43 . 2010-10-11 03:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-11 03:43 . 2010-10-11 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-11 03:05 . 2010-10-11 03:05 -------- d-----w- c:\program files\Common Files\Java
    2010-10-11 01:04 . 2010-10-11 01:04 -------- d-----w- c:\users\Jizzim\AppData\Roaming\Malwarebytes
    2010-10-11 01:03 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-11 01:03 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-06 04:53 . 2010-10-06 04:53 -------- d-----w- c:\users\Jizzim\AppData\Roaming\WildTangent
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-18 09:55 . 2006-11-18 01:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
    2010-09-18 09:55 . 1998-07-13 07:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
    2010-09-18 09:55 . 2003-01-26 02:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
    2010-09-18 09:55 . 1999-03-25 08:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-09-18 09:55 . 1998-07-12 12:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
    2010-09-18 09:55 . 2010-09-18 09:56 -------- d-----w- c:\users\Jizzim\AppData\Roaming\FreeBurner
    2010-09-18 09:55 . 2010-09-18 09:55 -------- d-----w- c:\program files\Free Easy Burner
    2010-09-18 09:55 . 2008-09-24 11:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
    2010-09-18 09:55 . 2000-10-01 08:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2010-09-18 09:55 . 1998-07-12 12:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2010-09-18 09:55 . 1998-07-12 08:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-09-14 02:45 . 2010-09-14 02:45 -------- d-----w- c:\users\Jizzim\AppData\Local\DOSBox
    2010-09-14 02:45 . 2010-09-14 10:46 -------- d-----w- C:\DOSGAMES
    2010-09-14 02:44 . 2010-09-14 02:44 -------- d-----w- c:\program files\DOSBox-0.74

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 13826664]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-15 1549608]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-21 495708]
    "HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 567864]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2009-03-03 81920]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 125056]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 00:19]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Jizzim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc27FE8.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-11 15:44:38
    ComboFix-quarantined-files.txt 2010-10-11 04:44

    Pre-Run: 380,669,247,488 bytes free
    Post-Run: 380,159,819,776 bytes free

    - - End Of File - - 9793E1C21D6AAE726B7D128B99133B3D
     
  7. Broni


    First, we need to fix your MBR, which seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  8. Jimpact


    Okay, I've been attempting to complete this latest step.

    I didn't have issues with burning the disc (or so I think), but when I try and boot from the CD, I get errors just before I reach the 'Next you want to select the appropriate tool.'...

    Can't open CD driver CDRCACH
    SHSUCDX can't install.
    ERROR: Failure loading; unable to find CD ROM drive
    ERROR: If you have multiple CD ROM drives, please remove the other
    ERROR: CD-ROMs discs and try again, Otherwise your disc may be corrupt or the CD-ROM driver does not correctly support your system.

    Please reboot your computer now.
     
  9. Broni


    OK. Let's try a different way...

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:

    Windows 7 users. At first screen click on Install now:
    Select your language and click next:
    Click the button for "Use recovery tools":

    The following applies to both, Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
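
An added example, not part of the original posts and not MBRCheck's own code: a sketch of the kind of check behind an "Unknown MBR code" verdict, and of what changes when only the boot code is rewritten, since `bootrec /FixMbr` does not overwrite the existing partition table. The 440-byte hash range, the allowlist, the partition types and sizes, and both sample sectors are assumptions constructed for illustration; only the three partition byte offsets are taken from the MBRCheck log earlier in the thread.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440      # bytes 0-439: bootstrap code
TABLE_START = 446   # bytes 446-509: four 16-byte partition entries
TABLE_END = 510     # bytes 510-511: boot signature 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into hashed code, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[TABLE_END:] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_START + 16 * slot:TABLE_START + 16 * (slot + 1)]
        ptype = entry[4]
        if ptype == 0x00:           # unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": slot,
            "type": ptype,
            "byte_offset": lba_start * SECTOR,
            "byte_length": count * SECTOR,
        })
    return {
        # Assumption: the code region is hashed on its own, so that a
        # different partition layout does not change the verdict.
        "code_sha1": hashlib.sha1(sector[:CODE_END]).hexdigest().upper(),
        "disk_signature": sector[CODE_END:CODE_END + 4].hex(),
        "table_sha1": hashlib.sha1(sector[TABLE_START:TABLE_END]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(mbr: dict, known_good: dict) -> str:
    """Return the allowlist label for the boot code, or the 'unknown' verdict."""
    return known_good.get(mbr["code_sha1"], "Unknown MBR code")


def compare(before: dict, after: dict) -> dict:
    """Show which regions of the sector differ between two captures."""
    return {
        "code_changed": before["code_sha1"] != after["code_sha1"],
        "table_preserved": before["table_sha1"] == after["table_sha1"],
        "signature_preserved": before["disk_signature"] == after["disk_signature"],
    }


def build_sector(code: bytes, entries) -> bytes:
    """Assemble a constructed MBR sector (demo helper, not a disk writer)."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x00, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for ptype, lba, count in entries
    ).ljust(64, b"\x00")
    disk_signature = b"\x12\x34\x56\x78"   # constructed value
    return (code.ljust(CODE_END, b"\x00") + disk_signature + b"\x00\x00"
            + table + b"\x55\xaa")


# Constructed stand-ins: neither byte string is real boot code.
UNRECOGNISED_CODE = b"constructed: boot code that is not on the allowlist"
STANDARD_CODE = b"constructed: stand-in for standard MBR code"

# (type, start LBA, sector count). Start LBAs are the byte offsets from the
# MBRCheck log divided by 512; types and sizes are constructed.
ENTRIES = [
    (0x07, 0x00064000, 0x38B9B800),   # C: at 0x0c800000 (NTFS)
    (0x07, 0x38BDF800, 0x01772800),   # D: at 0x717bf00000 (NTFS)
    (0x0C, 0x3A352000, 0x00200000),   # E: at 0x746a400000 (FAT32)
]

BEFORE = build_sector(UNRECOGNISED_CODE, ENTRIES)
AFTER = build_sector(STANDARD_CODE, ENTRIES)

# Allowlist keyed by SHA-1 of the 440-byte code region (constructed entry).
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_CODE.ljust(CODE_END, b"\x00")).hexdigest().upper():
        "Standard MBR code (constructed)",
}

if __name__ == "__main__":
    before, after = parse_mbr(BEFORE), parse_mbr(AFTER)
    print("before:", classify(before, KNOWN_GOOD))
    print("after: ", classify(after, KNOWN_GOOD))
    print(compare(before, after))
    for p in after["partitions"]:
        print(f"slot {p['slot']} type 0x{p['type']:02X} at 0x{p['byte_offset']:x}")
```

On a real system the sector would come from a read-only capture of the first 512 bytes of the disk, and the allowlist from hashes of boot code taken from trusted installation media.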
     
  10. Jimpact


    Alright, that all went to plan!

    Here's the new log...

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 217):
    0x91199000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x911A1000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x911A9000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x911B4000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x911C2000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x911D9000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x911E4000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x9082D000 \SystemRoot\system32\drivers\afd.sys
    0x90887000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x9088C000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x908BE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x908C5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x908E4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x908F5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90903000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90916000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x90926000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90967000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90971000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9097B000 \SystemRoot\System32\drivers\discache.sys
    0x90987000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9099F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x909AD000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x909D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x909F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x92A28000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x93399000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x91C2F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x91CE6000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91D1F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x91D3E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x91D4D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x91E0B000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x920A4000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x920E3000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x9210F000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0x9212E000 \SystemRoot\system32\DRIVERS\enecir.sys
    0x92147000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9215F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x92168000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x92175000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x921AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x921AC000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x921B9000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x921D8000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x921E3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x921EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x91D98000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x91DA5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x91DB7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x91E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x91DCF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x91C00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x91C18000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9339B000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x921FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x933B2000 \SystemRoot\system32\DRIVERS\ks.sys
    0x91DF1000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x933E6000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x92424000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x92468000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x92479000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x9248C000 \SystemRoot\system32\drivers\portcls.sys
    0x924BB000 \SystemRoot\system32\drivers\drmk.sys
    0x924D4000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x92606000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x92722000 \SystemRoot\system32\drivers\modem.sys
    0x9272F000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x9273E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x92751000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x92758000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x92764000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9276F000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x92799000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x927A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x927BB000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x927DF000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x9253F000 \SystemRoot\System32\Drivers\bthport.sys
    0x925A3000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x92400000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x927F1000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x925E3000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x91000000 \SystemRoot\system32\DRIVERS\btwavdt.sys
    0x91073000 \SystemRoot\system32\drivers\btwaudio.sys
    0x920AE000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
    0x92600000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x94C80000 \SystemRoot\System32\win32k.sys
    0x920B9000 \SystemRoot\System32\drivers\Dxapi.sys
    0x920C3000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x82217000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x822F1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x82302000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94EE0000 \SystemRoot\System32\TSDDD.dll
    0x94F10000 \SystemRoot\System32\cdd.dll
    0x8230D000 \SystemRoot\system32\drivers\luafv.sys
    0x82328000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8233F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x82342000 \SystemRoot\system32\drivers\WudfPf.sys
    0x94F30000 \SystemRoot\System32\ATMFD.DLL
    0x8235C000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8236C000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x823B2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x823C2000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA0C37000 \SystemRoot\system32\drivers\HTTP.sys
    0xA0CBC000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA0CD5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA0CE7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA0D0A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA0D45000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA0D60000 \SystemRoot\system32\drivers\peauth.sys
    0xA0C00000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA0C0A000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x823D5000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA2410000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA245F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA24B0000 \??\C:\Windows\TEMP\mc2B24D.tmp
    0xA24B3000 \SystemRoot\system32\drivers\spsys.sys
    0x77340000 \Windows\System32\ntdll.dll
    0x48140000 \Windows\System32\smss.exe
    0x77580000 \Windows\System32\apisetschema.dll

    Processes (total 81):
    0 System Idle Process
    4 System
    332 C:\Windows\System32\smss.exe
    544 csrss.exe
    596 C:\Windows\System32\wininit.exe
    604 csrss.exe
    656 C:\Windows\System32\services.exe
    664 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    772 C:\Windows\System32\svchost.exe
    860 C:\Windows\System32\nvvsvc.exe
    900 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
    1148 C:\Windows\System32\audiodg.exe
    1288 C:\Windows\servicing\TrustedInstaller.exe
    1312 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\winlogon.exe
    1484 C:\Windows\System32\hpservice.exe
    1552 C:\Windows\System32\svchost.exe
    1620 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1628 C:\Windows\System32\wlanext.exe
    1640 C:\Windows\System32\conhost.exe
    1660 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    2004 C:\Windows\System32\svchost.exe
    468 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
    484 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    644 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1032 C:\Windows\System32\svchost.exe
    1264 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1516 C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
    2080 C:\Windows\System32\svchost.exe
    2116 C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
    2164 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2244 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2296 C:\Windows\System32\svchost.exe
    2452 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2840 unsecapp.exe
    2948 WmiPrvSE.exe
    3064 C:\Windows\System32\svchost.exe
    3312 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    3428 C:\Windows\System32\nvvsvc.exe
    3500 C:\Windows\System32\svchost.exe
    3644 C:\Windows\System32\taskhost.exe
    3660 C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
    3696 C:\Windows\System32\dwm.exe
    3704 C:\Windows\explorer.exe
    4016 C:\Windows\System32\SearchIndexer.exe
    2792 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2804 C:\Program Files\IDT\WDM\sttray.exe
    788 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    3048 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    800 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3072 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    3516 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3628 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3876 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2376 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    3900 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3984 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    4124 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    4148 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    4292 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4452 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    4856 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4952 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5364 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    5424 C:\Windows\System32\taskeng.exe
    5476 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    5544 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
    4524 C:\Windows\System32\ctfmon.exe
    4280 C:\Windows\System32\spoolsv.exe
    1216 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    608 C:\Windows\System32\sppsvc.exe
    1888 C:\Windows\System32\svchost.exe
    3924 C:\Users\Jizzim\Downloads\MBRCheck.exe
    1900 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    3204 C:\Windows\System32\conhost.exe
    5240 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`7bf00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

    PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC72E

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!


    Cheers.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Please, re-run Combofix and post fresh log.
     
  12. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    ComboFix Log 2

    ComboFix 10-10-11.01 - Jizzim 12/10/2010 14:25:46.2.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1681 [GMT 11:00]
    Running from: c:\users\Jizzim\Downloads\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
    .

    2010-10-12 03:30 . 2010-10-12 03:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-12 03:30 . 2010-10-12 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-12 03:21 . 2010-10-12 03:24 -------- d-----w- C:\32788R22FWJFW
    2010-10-11 13:55 . 2009-11-25 01:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-11 13:55 . 2009-11-25 01:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-11 13:55 . 2009-11-25 01:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-11 13:55 . 2009-11-25 01:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-11 13:55 . 2009-11-25 01:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-11 06:37 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-10-11 06:37 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-10-11 06:37 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-10-11 06:37 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-10-11 06:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-10-11 06:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-10-11 06:36 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-11 06:36 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-10-11 06:36 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
    2010-10-11 06:36 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2010-10-11 06:36 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2010-10-11 06:36 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2010-10-11 06:36 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-11 06:36 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-11 06:36 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-11 06:33 . 2010-09-15 23:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9626A06E-B9AD-43DE-A069-0B78A9E4FD2A}\mpengine.dll
    2010-10-11 04:44 . 2010-10-12 03:30 -------- d-----w- c:\users\Jizzim\AppData\Local\temp
    2010-10-11 03:05 . 2010-10-11 03:05 -------- d-----w- c:\program files\Common Files\Java
    2010-10-11 01:04 . 2010-10-11 01:04 -------- d-----w- c:\users\Jizzim\AppData\Roaming\Malwarebytes
    2010-10-11 01:03 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-11 01:03 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-06 04:53 . 2010-10-06 04:53 -------- d-----w- c:\users\Jizzim\AppData\Roaming\WildTangent
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-18 09:55 . 2006-11-18 01:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
    2010-09-18 09:55 . 1998-07-13 07:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
    2010-09-18 09:55 . 2003-01-26 02:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
    2010-09-18 09:55 . 1999-03-25 08:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-09-18 09:55 . 1998-07-12 12:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
    2010-09-18 09:55 . 2010-09-18 09:56 -------- d-----w- c:\users\Jizzim\AppData\Roaming\FreeBurner
    2010-09-18 09:55 . 2010-09-18 09:55 -------- d-----w- c:\program files\Free Easy Burner
    2010-09-18 09:55 . 2008-09-24 11:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
    2010-09-18 09:55 . 2000-10-01 08:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2010-09-18 09:55 . 1998-07-12 12:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2010-09-18 09:55 . 1998-07-12 08:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-09-14 02:45 . 2010-09-14 02:45 -------- d-----w- c:\users\Jizzim\AppData\Local\DOSBox
    2010-09-14 02:45 . 2010-09-14 10:46 -------- d-----w- C:\DOSGAMES
    2010-09-14 02:44 . 2010-09-14 02:44 -------- d-----w- c:\program files\DOSBox-0.74

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 13826664]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-15 1549608]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-21 495708]
    "HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 567864]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2009-03-03 81920]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 125056]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 00:19]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Jizzim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc25F00.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5164)
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    .
    Completion time: 2010-10-12 15:02:24
    ComboFix-quarantined-files.txt 2010-10-12 04:02
    ComboFix2.txt 2010-10-11 04:44

    Pre-Run: 381,659,049,984 bytes free
    Post-Run: 381,259,771,904 bytes free

    - - End Of File - - 85E0D691DEDA0A5BBB066A78604823A9


    _________________________________________________

    STATUS UPDATE

    - Pop-up tabs in Firefox seem to be gone
    - IE is now functional
    - Google doesn't seem to be redirecting to ads anymore

    I haven't tested using the printer yet.

    Looking good, a donation may be on its way to you soon!
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    We're not done yet, but I'm glad to see your computer feeling better :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    mchInjDrv
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Animation: CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    Hmm, not sure how that one went (but these combofixes take ages, about an hour each).

    ComboFix 10-10-11.02 - Jizzim 12/10/2010 16:15:27.3.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1546 [GMT 11:00]
    Running from: c:\users\Jizzim\Downloads\ComboFix.exe
    Command switches used :: c:\users\Jizzim\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV


    ((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
    .

    2010-10-12 05:19 . 2010-10-12 05:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-12 05:19 . 2010-10-12 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-12 05:14 . 2010-10-12 05:14 -------- d-----w- C:\32788R22FWJFW
    2010-10-11 13:55 . 2009-11-25 01:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-11 13:55 . 2009-11-25 01:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-11 13:55 . 2009-11-25 01:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-11 13:55 . 2009-11-25 01:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-11 13:55 . 2009-11-25 01:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-11 06:37 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-10-11 06:37 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-10-11 06:37 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-10-11 06:37 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-10-11 06:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-10-11 06:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-10-11 06:36 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-11 06:36 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-10-11 06:36 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
    2010-10-11 06:36 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2010-10-11 06:36 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2010-10-11 06:36 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2010-10-11 06:36 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-11 06:36 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-11 06:36 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-11 06:33 . 2010-09-15 23:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9626A06E-B9AD-43DE-A069-0B78A9E4FD2A}\mpengine.dll
    2010-10-11 04:44 . 2010-10-12 05:36 -------- d-----w- c:\users\Jizzim\AppData\Local\temp
    2010-10-11 03:05 . 2010-10-11 03:05 -------- d-----w- c:\program files\Common Files\Java
    2010-10-11 01:04 . 2010-10-11 01:04 -------- d-----w- c:\users\Jizzim\AppData\Roaming\Malwarebytes
    2010-10-11 01:03 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-11 01:03 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-06 04:53 . 2010-10-06 04:53 -------- d-----w- c:\users\Jizzim\AppData\Roaming\WildTangent
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-18 09:55 . 2006-11-18 01:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
    2010-09-18 09:55 . 1998-07-13 07:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
    2010-09-18 09:55 . 2003-01-26 02:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
    2010-09-18 09:55 . 1999-03-25 08:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
    2010-09-18 09:55 . 1998-07-12 12:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
    2010-09-18 09:55 . 2010-09-18 09:56 -------- d-----w- c:\users\Jizzim\AppData\Roaming\FreeBurner
    2010-09-18 09:55 . 2010-09-18 09:55 -------- d-----w- c:\program files\Free Easy Burner
    2010-09-18 09:55 . 2008-09-24 11:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
    2010-09-18 09:55 . 2000-10-01 08:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2010-09-18 09:55 . 1998-07-12 12:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2010-09-18 09:55 . 1998-07-12 08:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2010-09-14 02:45 . 2010-09-14 02:45 -------- d-----w- c:\users\Jizzim\AppData\Local\DOSBox
    2010-09-14 02:45 . 2010-09-14 10:46 -------- d-----w- C:\DOSGAMES
    2010-09-14 02:44 . 2010-09-14 02:44 -------- d-----w- c:\program files\DOSBox-0.74

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 13826664]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-15 1549608]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-21 495708]
    "HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 567864]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2009-03-03 81920]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 125056]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MCHINJDRV
    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 00:19]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Jizzim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3092)
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\progra~1\PHAROS~1\Core\CTskMstr.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\conhost.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-12 17:12:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-12 06:12
    ComboFix2.txt 2010-10-12 04:02
    ComboFix3.txt 2010-10-11 04:44

    Pre-Run: 381,304,172,544 bytes free
    Post-Run: 381,122,711,552 bytes free

    - - End Of File - - 59655D4C537E22EB74B46A8D4D75D09C


    _________________________________________________

    Sidenote: I'm not sure if you will be able to help with the printer or not, but it would be great if you can. Despite constant attempts to fix the printer/driver/spooler problem, it persists.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    It went well :)
    Combofix log looks good.
    Regarding the printer, that would be up to some other forum.
    I wish I could help, but we're too busy here, just to make sure people's computers are clean.

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    My computer seems to be chugging along quite well now, all the issues bar the printer and maybe updating some programs seem to be fixed.

    If you can't help with the printer, I was wondering if you know somewhere else trustworthy where I can ask for help?

    Here are the logs...

    OTL
    OTL logfile created on: 10/13/2010 11:27:08 AM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jizzim\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 453.74 Gb Total Space | 355.05 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
    Drive D: | 11.72 Gb Total Space | 1.94 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.34% Space Free | Partition Type: FAT32
    Drive F: | 238.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JCEL | User Name: Jizzim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
    PRC - [2010/10/06 11:19:13 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/10/06 11:19:12 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/05/21 01:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/21 01:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2010/03/09 23:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/21 18:35:26 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/10/21 18:35:26 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
    PRC - [2009/10/06 18:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/09/05 07:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/09/05 07:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/09/05 07:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/08/26 04:55:34 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/07/14 12:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 12:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/03/19 18:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
    PRC - [2009/03/03 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2009/01/15 12:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2007/02/22 16:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
    MOD - [2009/07/14 12:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 12:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 12:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 12:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 12:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 12:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 12:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 12:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 12:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 12:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 12:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2009/07/14 12:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/06 11:19:12 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/30 10:09:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/10/21 18:35:26 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe -- (STacSV)
    SRV - [2009/09/05 07:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/07/14 12:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 12:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 12:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 12:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 12:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 12:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 12:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 12:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 12:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 12:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 12:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 12:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 12:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 12:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 12:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 12:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/06/06 11:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/03/03 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe -- (AESTFilters)
    SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2009/01/15 12:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2007/02/22 16:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
     
  17. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jizzim\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/12 23:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/08/12 23:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/06/09 19:09:42 | 002,709,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2010/03/09 23:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/03/09 23:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/03/09 23:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/03/09 23:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/03/09 23:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2009/12/11 18:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/30 04:20:40 | 009,906,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/10/21 18:35:26 | 000,420,352 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/10/13 14:00:00 | 000,125,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2009/10/03 14:57:58 | 000,204,288 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
    DRV - [2009/09/18 07:54:50 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2009/09/18 07:54:42 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2009/09/18 07:54:40 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2009/09/18 07:54:36 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2009/09/10 16:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/08/22 20:54:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/08/15 17:54:54 | 000,223,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/08/08 15:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2009/07/22 09:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/21 14:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2009/07/14 12:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 12:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 12:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 12:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 12:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 12:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 12:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 12:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 12:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 12:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 12:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 12:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 12:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 12:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 12:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 12:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 12:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 12:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 12:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 12:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 12:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 12:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 12:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 12:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 12:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 12:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 12:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 12:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 12:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 12:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 12:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 12:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 12:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 12:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 12:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 12:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 11:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 11:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 11:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 10:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 10:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 10:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 10:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/14 10:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 10:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 10:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 10:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 10:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 10:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 10:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 10:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 10:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 10:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 10:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 10:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/14 09:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 09:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/14 09:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/14 09:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/14 09:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/14 09:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/14 09:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
    DRV - [2009/07/14 09:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
    DRV - [2009/07/14 09:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
    DRV - [2009/07/14 09:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/14 09:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/14 09:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/14 09:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/14 09:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/07/09 08:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2009/07/09 08:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2009/06/30 05:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2009/06/11 08:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/04/30 03:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 16:20:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/10 23:21:10 | 000,000,000 | ---D | M]

    [2010/03/24 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Extensions
    [2010/10/13 01:21:48 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions
    [2010/04/11 13:46:57 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2010/05/26 01:23:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/09/23 12:28:55 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2010/05/14 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\radiobar@toolbar
    [2010/10/11 14:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/07 15:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/11 14:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/03/17 05:27:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/03/17 05:27:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/03/17 05:27:25 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/03/17 05:27:25 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
     
  18. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    O1 HOSTS File: ([2010/10/12 16:36:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/13 11:23:16 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
    [2010/10/12 16:42:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/12 16:19:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/12 16:14:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/12 16:14:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/10/11 17:13:44 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Desktop\NTBR_CD
    [2010/10/11 15:44:40 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Local\temp
    [2010/10/11 14:30:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/11 14:30:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/11 14:30:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/11 14:30:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/11 14:29:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/11 14:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/10/11 12:04:12 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\Malwarebytes
    [2010/10/11 12:03:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/10/11 12:03:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/10/11 12:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/11 12:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/06 15:53:45 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\WildTangent
    [2010/09/18 20:55:26 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\Windows\System32\vbalExpBar6.ocx
    [2010/09/18 20:55:21 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\SSubTmr6.dll
    [2010/09/18 20:55:20 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\FreeBurner
    [2010/09/18 20:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner
    [2010/09/14 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Local\DOSBox
    [2010/09/14 13:45:14 | 000,000,000 | ---D | C] -- C:\DOSGAMES
    [2010/09/14 13:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
    [2010/08/30 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Xyris Software
    [2010/08/30 14:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xyris Software
    [2010/08/29 22:49:10 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Local\Sunbelt Software
    [2010/08/29 22:40:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    [2010/08/14 13:51:33 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010/08/07 15:19:34 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\OpenOffice.org
    [2010/08/07 15:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
    [2010/08/07 15:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2010/08/07 15:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/08/07 15:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/08/07 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
    [2010/08/06 23:24:02 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Documents\KP Downloads
    [2010/07/24 12:55:27 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Documents\VirtualDJ
    [2010/07/24 12:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
    [1 C:\Users\Jizzim\Documents\*.tmp files -> C:\Users\Jizzim\Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
    [2010/10/13 09:44:05 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/13 09:44:05 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/13 09:42:07 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/10/13 09:40:51 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/13 09:40:51 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/13 09:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/13 09:36:22 | 2408,734,720 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/13 01:28:14 | 000,024,046 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.odt
    [2010/10/12 16:36:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/12 16:05:24 | 000,015,824 | ---- | M] () -- C:\Users\Jizzim\Documents\Assessment Timetable T2.odt
    [2010/10/12 13:33:57 | 000,444,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/11 16:46:58 | 002,565,432 | ---- | M] () -- C:\Users\Jizzim\Desktop\NTBR_CD.exe
    [2010/10/11 13:51:22 | 371,888,057 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/10/11 12:03:35 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/10 23:21:10 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/06 17:21:38 | 000,001,249 | ---- | M] () -- C:\Users\Jizzim\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
    [2010/10/06 17:21:38 | 000,001,225 | ---- | M] () -- C:\Users\Jizzim\Desktop\Play HP Games.lnk
    [2010/10/04 09:46:16 | 000,013,645 | ---- | M] () -- C:\Users\Jizzim\Documents\final speech.odt
    [2010/09/30 01:54:41 | 000,048,707 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE204 Labs Pt II.odt
    [2010/09/29 13:30:25 | 000,020,571 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE202 Assignment.odt
    [2010/09/28 00:57:09 | 000,028,286 | ---- | M] () -- C:\Users\Jizzim\Documents\speech.odt
    [2010/09/23 14:47:47 | 000,040,209 | ---- | M] () -- C:\Users\Jizzim\Documents\HSN102 Summaries.odt
    [2010/09/21 10:04:20 | 000,015,953 | ---- | M] () -- C:\Users\Jizzim\Documents\20th-26th.ods
    [2010/09/18 20:55:26 | 000,001,051 | ---- | M] () -- C:\Users\Jizzim\Desktop\Free Easy Burner.lnk
    [2010/09/14 13:44:29 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
    [2010/09/11 01:09:35 | 000,023,687 | ---- | M] () -- C:\Users\Jizzim\Documents\Final Copy.odt
    [2010/09/10 23:28:45 | 000,185,161 | ---- | M] () -- C:\Users\Jizzim\Documents\jcel_tjkir_HSE212.pdf
    [2010/09/10 11:08:05 | 000,024,174 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE212 Assignment 2.odt
    [2010/09/01 17:41:41 | 000,942,080 | ---- | M] () -- C:\Users\Jizzim\Documents\Nutrition Assignment.fwb
    [2010/09/01 14:46:23 | 004,091,063 | ---- | M] () -- C:\Users\Jizzim\Documents\HSN102 Assignment.odt
    [2010/09/01 13:08:11 | 000,017,266 | ---- | M] () -- C:\Users\Jizzim\Documents\COMPARISON.ods
    [2010/08/30 15:56:07 | 006,218,877 | ---- | M] () -- C:\Users\Jizzim\Documents\FWPRO2009 Intro Guide 9 Feb10.pdf
    [2010/08/29 22:40:18 | 000,001,124 | ---- | M] () -- C:\Users\Jizzim\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/29 22:40:18 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010/08/24 01:14:40 | 000,010,603 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE212 Assignment.odt
    [2010/08/23 12:31:47 | 000,031,220 | ---- | M] () -- C:\Users\Jizzim\Documents\Lab3.odt
    [2010/08/12 23:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010/08/12 23:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2010/08/07 15:19:55 | 000,001,193 | ---- | M] () -- C:\Users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/08/07 15:18:50 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010/08/07 15:15:57 | 000,013,742 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE204 Summaries.rtf
    [2010/08/06 15:23:55 | 000,080,023 | ---- | M] () -- C:\Users\Jizzim\Documents\Amazing Race Application.pdf
    [2010/08/03 02:20:55 | 000,177,331 | ---- | M] () -- C:\Users\Jizzim\Desktop\Untitled.jpg
    [2010/07/30 15:02:41 | 000,002,055 | ---- | M] () -- C:\Users\Jizzim\Documents\Accounts.rtf
    [2010/07/26 02:04:42 | 000,003,477 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.rtf
    [1 C:\Users\Jizzim\Documents\*.tmp files -> C:\Users\Jizzim\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/12 13:39:55 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/10/11 16:54:27 | 002,565,432 | ---- | C] () -- C:\Users\Jizzim\Desktop\NTBR_CD.exe
    [2010/10/11 14:30:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/11 14:30:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/11 14:30:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/11 14:30:27 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/11 14:30:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/11 12:03:35 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/06 17:21:38 | 000,001,249 | ---- | C] () -- C:\Users\Jizzim\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
    [2010/10/06 17:21:38 | 000,001,225 | ---- | C] () -- C:\Users\Jizzim\Desktop\Play HP Games.lnk
     
  19. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    [2010/10/04 00:40:17 | 000,013,645 | ---- | C] () -- C:\Users\Jizzim\Documents\final speech.odt
    [2010/09/29 00:37:24 | 000,020,571 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE202 Assignment.odt
    [2010/09/27 13:58:39 | 000,028,286 | ---- | C] () -- C:\Users\Jizzim\Documents\speech.odt
    [2010/09/21 13:46:13 | 000,048,707 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE204 Labs Pt II.odt
    [2010/09/21 10:04:18 | 000,015,953 | ---- | C] () -- C:\Users\Jizzim\Documents\20th-26th.ods
    [2010/09/20 17:49:23 | 000,040,209 | ---- | C] () -- C:\Users\Jizzim\Documents\HSN102 Summaries.odt
    [2010/09/18 20:55:26 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
    [2010/09/18 20:55:26 | 000,001,051 | ---- | C] () -- C:\Users\Jizzim\Desktop\Free Easy Burner.lnk
    [2010/09/18 20:55:20 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2010/09/14 13:44:29 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
    [2010/09/11 15:37:54 | 000,015,824 | ---- | C] () -- C:\Users\Jizzim\Documents\Assessment Timetable T2.odt
    [2010/09/10 23:26:47 | 000,185,161 | ---- | C] () -- C:\Users\Jizzim\Documents\jcel_tjkir_HSE212.pdf
    [2010/09/10 11:37:30 | 000,023,687 | ---- | C] () -- C:\Users\Jizzim\Documents\Final Copy.odt
    [2010/09/07 00:46:15 | 000,024,174 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE212 Assignment 2.odt
    [2010/09/01 17:44:15 | 000,024,046 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.odt
    [2010/08/31 17:43:53 | 004,091,063 | ---- | C] () -- C:\Users\Jizzim\Documents\HSN102 Assignment.odt
    [2010/08/30 15:55:44 | 006,218,877 | ---- | C] () -- C:\Users\Jizzim\Documents\FWPRO2009 Intro Guide 9 Feb10.pdf
    [2010/08/29 23:30:36 | 000,017,266 | ---- | C] () -- C:\Users\Jizzim\Documents\COMPARISON.ods
    [2010/08/24 01:14:38 | 000,010,603 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE212 Assignment.odt
    [2010/08/18 18:53:21 | 000,031,220 | ---- | C] () -- C:\Users\Jizzim\Documents\Lab3.odt
    [2010/08/07 15:19:55 | 000,001,193 | ---- | C] () -- C:\Users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/08/07 15:18:50 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010/08/06 15:23:55 | 000,080,023 | ---- | C] () -- C:\Users\Jizzim\Documents\Amazing Race Application.pdf
    [2010/08/03 02:20:55 | 000,177,331 | ---- | C] () -- C:\Users\Jizzim\Desktop\Untitled.jpg
    [2010/07/24 02:02:28 | 000,013,742 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE204 Summaries.rtf
    [2010/07/16 14:46:27 | 000,003,477 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.rtf
    [2010/06/04 17:03:24 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2010/04/26 18:54:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/03/24 18:32:45 | 000,000,000 | ---- | C] () -- C:\Users\Jizzim\AppData\Local\QSwitch.txt
    [2010/03/24 18:32:45 | 000,000,000 | ---- | C] () -- C:\Users\Jizzim\AppData\Local\DSwitch.txt
    [2010/03/24 18:32:45 | 000,000,000 | ---- | C] () -- C:\Users\Jizzim\AppData\Local\AtStart.txt
    [2010/03/24 18:32:42 | 000,000,282 | ---- | C] () -- C:\ProgramData\HPWALog.txt
    [2010/03/07 01:25:52 | 001,683,456 | ---- | C] () -- C:\Windows\System32\ltclr13n.dll
    [2010/03/07 01:25:52 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
    [2010/03/07 01:25:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
    [2010/03/04 20:40:28 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2010/03/04 20:40:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/03/04 20:40:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/03/04 20:39:58 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/03/04 20:39:25 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/03/04 20:23:02 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2010/03/04 20:22:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/03/04 20:18:57 | 000,000,283 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
    [2010/03/04 20:18:57 | 000,000,224 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
    [2010/01/10 20:07:01 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/01/10 20:04:19 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/01/10 20:03:30 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/01/10 20:03:05 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/09/30 10:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/04/08 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\.BitTornado
    [2010/04/13 01:23:04 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\CheckPoint
    [2010/05/16 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Elluminate
    [2010/06/24 00:07:47 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Facebook
    [2010/09/18 20:56:08 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\FreeBurner
    [2010/08/07 15:19:34 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\OpenOffice.org
    [2010/06/04 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\PrimoPDF
    [2010/10/06 15:53:45 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\WildTangent
    [2010/10/13 09:42:07 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2010/08/04 00:39:00 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/13 09:36:21 | 000,065,188 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/14 12:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/10/12 17:12:44 | 000,014,213 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 08:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/10/13 09:36:22 | 2408,734,720 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/20 21:55:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/06/20 21:55:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/13 09:36:27 | 3211,649,024 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 15:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 15:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 15:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 15:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 08:31:19 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/05/25 14:14:33 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\spool\prtprocs\w32x86\PSS0245D.DLL
    [2010/05/25 14:14:33 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\spool\prtprocs\w32x86\PSS0245E.DLL
    [2010/05/25 14:14:33 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\spool\prtprocs\w32x86\PSS0245F.DLL
    [2009/07/14 12:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/11 07:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 15:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
     
  20. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/24 18:32:58 | 000,000,221 | -HS- | M] () -- C:\Users\Jizzim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/11 16:46:58 | 002,565,432 | ---- | M] () -- C:\Users\Jizzim\Desktop\NTBR_CD.exe
    [2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/12 13:34:13 | 000,000,402 | -HS- | M] () -- C:\Users\Jizzim\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/13 10:12:32 | 000,000,282 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2010/03/04 20:40:23 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/01/10 20:07:31 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/03/04 20:39:58 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/01/10 20:04:12 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/03/04 20:39:25 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/03/04 20:40:13 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/01/10 20:03:24 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/01/10 20:06:55 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/03/04 20:40:29 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:411E1BE2

    < End of report >

    Extras

    OTL Extras logfile created on: 10/13/2010 11:27:08 AM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jizzim\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 453.74 Gb Total Space | 355.05 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
    Drive D: | 11.72 Gb Total Space | 1.94 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.34% Space Free | Partition Type: FAT32
    Drive F: | 238.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: JCEL | User Name: Jizzim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{5C3E7880-7F8B-4A06-A3C3-95509F092161}" = HP MediaSmart SmartMenu
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{85EAFAD8-9FDB-4343-82CE-29674C1AC6E1}" = SoftStylus
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FB79808D-D401-420E-BB41-011C8CA4C7F3}" = FoodWorks 2009
    "284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
    "7-Zip" = 7-Zip 4.65
    "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Audacity_is1" = Audacity 1.2.6
    "avast5" = avast! Free Antivirus
    "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "BitTornado" = BitTornado 0.3.17
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Easy DVD Clone" = Easy DVD Clone
    "EPSON Printer and Utilities" = EPSON Printer Software
    "FLV Player" = FLV Player 2.0 (build 25)
    "Free Easy Burner_is1" = Free Easy Burner V 4.1
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "LastFM_is1" = Last.fm 1.5.4.24567
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pharos" = Pharos
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "UP286_is1" = Ultimate Paint 2.88 Freeware Edition
    "Virgin Mobile" = Virgin Mobile
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
     
  21. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/26/2010 6:35:47 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x9a0 Faulting application
    start time: 0x01cb5dcb22aa2a8e Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: 6767633d-c9be-11df-b7cd-0027139e74bb

    Error - 9/26/2010 6:39:43 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x10b4 Faulting application
    start time: 0x01cb5dcb4dceb384 Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: f47a980a-c9be-11df-b7cd-0027139e74bb

    Error - 9/26/2010 6:42:57 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x16f0 Faulting application
    start time: 0x01cb5dcbe13bb42c Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: 68177d22-c9bf-11df-b7cd-0027139e74bb

    Error - 9/27/2010 6:05:33 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x9b4 Faulting application
    start time: 0x01cb5e9014a5b4b3 Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: 58e570ef-ca83-11df-9971-0027139e74bb

    Error - 9/27/2010 6:09:31 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: PSS0245E.DLL, version: 3.2.0.3901, time
    stamp: 0x44e514d6 Exception code: 0xc0000005 Fault offset: 0x00000032 Faulting process
    id: 0x1078 Faulting application start time: 0x01cb5e903f6951b9 Faulting application
    path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\system32\PSS0245E.DLL
    Report
    Id: e6d605b6-ca83-11df-9971-0027139e74bb

    Error - 9/27/2010 6:12:48 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0xa4 Faulting application
    start time: 0x01cb5e90d58b02d1 Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: 5c651b5e-ca84-11df-9971-0027139e74bb

    Error - 9/27/2010 9:50:32 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x880 Faulting application
    start time: 0x01cb5eaf81359a4f Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: c6e98eca-caa2-11df-98cc-0027139e74bb

    Error - 9/27/2010 9:54:30 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x12ec Faulting application
    start time: 0x01cb5eafad55a1d1 Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: 547d4de6-caa3-11df-98cc-0027139e74bb

    Error - 9/27/2010 9:57:49 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1648 Faulting application
    start time: 0x01cb5eb04140cb69 Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: cb16fdad-caa3-11df-98cc-0027139e74bb

    Error - 9/28/2010 6:31:36 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x998 Faulting application
    start time: 0x01cb5f5ce2e8ec5b Faulting application path: C:\Windows\System32\spoolsv.exe
    Faulting
    module path: unknown Report Id: 26ad2697-cb50-11df-9ff2-0027139e74bb

    [ Hewlett-Packard Events ]
    Error - 4/28/2010 7:48:59 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 4/28/2010 7:49:20 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 8/25/2010 3:55:37 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 9/15/2010 3:14:28 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
    Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    [ System Events ]
    Error - 7/9/2010 2:59:01 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 7/9/2010 3:02:03 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 7/9/2010 3:05:06 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly. It has done this
    3 time(s).

    Error - 7/9/2010 7:57:55 AM | Computer Name = JCEL | Source = Disk | ID = 262159
    Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.

    Error - 7/9/2010 9:38:25 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 7/9/2010 9:41:26 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 7/9/2010 9:44:28 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly. It has done this
    3 time(s).

    Error - 7/9/2010 6:10:48 PM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 7/9/2010 6:13:50 PM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly. It has done this
    2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 7/9/2010 6:16:52 PM | Computer Name = JCEL | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly. It has done this
    3 time(s).


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Regarding printer, start new topic in "Hardware" forum. You'll find plenty of helpful people there.

    =========================================================================

    I shouldn't be doing this, but I couldn't resist, when I saw this:
    C:\Users\Jizzim\Documents\Amazing Race Application.pdf

    :) One of my favorite shows :)
    I apologize for entering your private life :)

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Users\Jizzim\Documents\*.tmp files -> C:\Users\Jizzim\Documents\*.tmp -> ]
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:411E1BE2
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    Apologies for the lateness, I've got exams - but will do these ASAP (possibly later today).

    (oh and 'Lynette' was my family's account on PayPal)
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No need for apologies :)

    ...and thank you :)
     
  25. Jimpact

    Jimpact TS Rookie Topic Starter Posts: 18

    I've done the first two, here's the log:

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0 MUI
    Mozilla Firefox (3.6.11) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    Going to do the third one now.
     
Topic Status:
Not open for further replies.
