TechSpot

Message "Hard drive clusters are partly damaged" Virus?

By candygirl
Oct 29, 2011
  1. I believe my computer may be infected with something harmful. I don't pretend to know much about computers nor the difference between a virus, spyware, malware, etc but I am absolutely positive my computer is having a serious issue.

    Here a just a few of the messages that have been popping up:

    "Hard drive clusters are partly damaged"

    "Windows OS can't detects a free hard drive space. hard drive error."

    "Failed to save all the components for the file: //system32"

    Aside from these messages, it appears that some sort of "scan" was run but I became suspicious when I noticed that there were misspellings and impropoer use of punctuation within that "scan".

    So, my question is: What the heck is going on with my computer and what can I do (if anything) to fix it?

    Any and all help will be greatly appreciated! :)
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    What is a log?

    What exactly is a log? Again, I am not very computer savvy.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Log is a text file which will be produced by some tools you'll run following instructions from my link.
     
  5. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    Also, how do i know if...

    I have a functioning, updating antivirus program? The only thing I have on my computer is Microsoft Defender. Does this count?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Windows Defender is NOT an antivirus program.
     
  7. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    You learn something new every day

    Thanks for your patience. I will update you as soon as I have gone through all of the steps. Have a great Sunday!
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Same to you :)
     
  9. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    GMER Main Mirror link will not open

    The Main Mirror link will not open. Is it ok if I download the Zip mirror instead?
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Sure...............
     
  11. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    Problem loading GMER

    I cannot download GMER from the locations given on the 5-step page. Is there possibly something wrong with the links provided? Should I download it directly from gmer.net? If so, could you verify that this is what I should be downloading:

    GMER application: Download EXE

    Thanks!
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    It looks like some problem with that site.
    Skip GMER for now.
     
  13. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    Logs MBAM

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8047

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    10/30/2011 3:28:19 PM
    mbam-log-2011-10-30 (15-28-19).txt

    Scan type: Quick scan
    Objects scanned: 179043
    Time elapsed: 7 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Vianca\AppData\Local\Temp\p5tm1qbi6dss92.exe.tmp (Rogue.FakeAlert) -> Quarantined and deleted successfully.
     
  14. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    Log DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6001.18000
    Run by Vianca at 16:22:51 on 2011-10-30
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.2118 [GMT -4:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\Vianca\Documents\RCA Detective\RCADetective.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msntask.exe
    c:\program files (x86)\aim toolbar\aimtbServer.exe
    C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
    C:\Users\Vianca\AppData\Local\Temp\tbpreinstF2C8.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\Vianca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    uRunOnce: [tbInstall_aol] dnUpdate://70491/?Target=IE&Startpage=N&DefaultSearch=Y&S=_NOV_&_VSPEC_== /silent
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\Users\Vianca\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Vianca\Documents\RCA Detective\RCADetective.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEANA~1.LNK - C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{1BC653EC-F1C4-4804-8B40-C54357C121EB} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{A9A0B2C0-D36D-4F2A-8206-BA06C7140994} : DhcpNameServer = 68.87.74.166 68.87.68.166
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
    BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO-X64: AIM Toolbar Loader - No File
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Vianca\AppData\Roaming\Mozilla\Firefox\Profiles\apvwzz79.default\
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Users\Vianca\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/12 17:38:24];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-30 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-30 110032]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-8 365952]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
    R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-4 136176]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-8 222512]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-4 136176]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-30 19:30:53 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{57E036F7-658B-4E0C-B8CA-5FBC604E29DF}\offreg.dll
    2011-10-30 19:17:44 -------- d-----w- C:\Users\Vianca\AppData\Roaming\Malwarebytes
    2011-10-30 19:16:52 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-30 19:16:45 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-30 19:16:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-30 19:15:37 -------- d-----w- C:\Users\Vianca\AppData\Roaming\Avira
    2011-10-30 18:59:49 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-10-30 18:59:49 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2011-10-30 18:59:47 -------- d-----w- C:\ProgramData\Avira
    2011-10-30 18:59:47 -------- d-----w- C:\Program Files (x86)\Avira
    2011-10-30 18:12:16 3765288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-10-30 18:11:55 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{57E036F7-658B-4E0C-B8CA-5FBC604E29DF}\mpengine.dll
    2011-10-30 18:11:51 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-10-29 21:49:23 98304 ----a-w- C:\Windows\SysWow64\cabview.dll
    2011-10-29 21:49:23 104960 ----a-w- C:\Windows\System32\cabview.dll
    2011-10-29 21:49:20 218112 ----a-w- C:\Windows\System32\wintrust.dll
    2011-10-29 21:49:18 171520 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2011-10-29 21:39:29 2621440 ----a-w- C:\Windows\System32\wucltux.dll
    2011-10-29 21:39:09 98816 ----a-w- C:\Windows\System32\wudriver.dll
    2011-10-29 21:39:09 87552 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2011-10-29 21:38:57 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2011-10-29 21:38:57 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2011-10-29 21:38:57 185416 ----a-w- C:\Windows\System32\wuwebv.dll
    2011-10-29 21:38:57 171608 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 16:23:41.79 ===============
     
  15. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    Log Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/12/2009 7:50:48 PM
    System Uptime: 10/30/2011 3:30:05 PM (1 hours ago)
    .
    Motherboard: Compal | | 30FC
    Processor: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82 | Socket M2/S1G1 | 1100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 330.734 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.134 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 6500 E709n
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP107: 8/29/2011 5:49:54 PM - Scheduled Checkpoint
    RP108: 8/30/2011 7:24:47 PM - Scheduled Checkpoint
    RP109: 9/1/2011 1:59:25 PM - Scheduled Checkpoint
    RP110: 9/5/2011 1:53:47 PM - Scheduled Checkpoint
    RP111: 9/6/2011 3:49:39 PM - Scheduled Checkpoint
    RP112: 9/7/2011 4:01:24 PM - Scheduled Checkpoint
    RP113: 9/8/2011 6:04:12 PM - Scheduled Checkpoint
    RP114: 9/9/2011 11:20:00 AM - Scheduled Checkpoint
    RP115: 9/10/2011 8:51:31 AM - Scheduled Checkpoint
    RP117: 9/10/2011 6:38:11 PM - HP Installation Restore Point
    RP118: 9/17/2011 11:45:25 AM - Scheduled Checkpoint
    RP119: 9/22/2011 6:48:02 PM - Scheduled Checkpoint
    RP120: 9/23/2011 6:54:13 PM - Scheduled Checkpoint
    RP121: 9/26/2011 3:32:50 PM - Scheduled Checkpoint
    RP122: 9/27/2011 4:58:35 PM - Scheduled Checkpoint
    RP123: 10/7/2011 4:02:03 PM - Scheduled Checkpoint
    RP124: 10/16/2011 4:32:18 PM - Scheduled Checkpoint
    RP125: 10/19/2011 1:35:12 AM - Scheduled Checkpoint
    RP126: 10/20/2011 12:22:45 PM - Scheduled Checkpoint
    RP127: 10/22/2011 8:35:58 PM - Scheduled Checkpoint
    RP128: 10/25/2011 1:28:55 PM - Scheduled Checkpoint
    RP129: 10/28/2011 12:03:58 PM - Scheduled Checkpoint
    RP130: 10/29/2011 9:55:41 AM - Scheduled Checkpoint
    RP131: 10/29/2011 12:30:12 PM - Restore Operation
    RP132: 10/29/2011 3:13:15 PM - Restore Operation
    RP133: 10/29/2011 5:02:50 PM - Restore Operation
    RP134: 10/29/2011 5:38:20 PM - Windows Update
    RP135: 10/29/2011 5:49:25 PM - Windows Update
    RP136: 10/30/2011 2:09:10 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    6500_E709_eDocs
    6500_E709_Help
    6500_E709n
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    AIM 7
    AIM Toolbar
    AMD USB Audio Driver Filter
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    Avira Free Antivirus
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco Clean Access Agent
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    Download Updater (AOL LLC)
    ESU for Microsoft Vista
    Fax
    Google Chrome
    Google Earth
    Google Update Helper
    GPBaseService2
    HP Active Support Library
    HP Common Access Service Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Help and Support
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SlingPlayer
    HP MediaSmart TV
    HP MediaSmart Webcam
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Quick Launch Buttons 6.40 L1
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0129
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPProductAssistant
    HPSSupply
    IDT Audio
    Java(TM) 6 Update 7
    JMicron JMB38X Flash Media Controller
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    muvee Reveal
    My HP Games
    NetZero Preloader
    Power2Go
    PowerDirector
    ProductContext
    QuickTime
    RCA Detective™ 3.0.1.1
    RCA Digital Voice Manager 5.3.3.0
    Real Estate Success Software
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Scan
    Skins
    Skype web features
    Skype™ 4.1
    Slingbox - Watch Your TV Anywhere
    SlingPlayer
    SmartWebPrinting
    SolutionCenter
    SPORE Creature Creator Trial Edition
    Status
    Toolbox
    TrayApp
    Update for Office 2007 (KB934528)
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/30/2011 2:18:43 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer FRANK-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1BC653EC-F1C4-4804-8B40-C54357C121EB}. The master browser is stopping or an election is being forced.
    10/29/2011 9:21:54 AM, Error: EventLog [6008] - The previous system shutdown at 9:19:33 AM on 10/29/2011 was unexpected.
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
    10/29/2011 5:40:50 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
    10/29/2011 5:26:32 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.
    10/29/2011 5:22:00 PM, Error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: The specified module could not be found.
    10/29/2011 12:49:58 PM, Error: Service Control Manager [7022] - The HP Health Check Service service hung on starting.
    10/26/2011 10:21:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    10/24/2011 7:19:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 00265E2D585D has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    10/24/2011 10:59:08 AM, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.
    10/24/2011 10:59:08 AM, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.
    10/24/2011 10:59:08 AM, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.
    10/24/2011 10:59:08 AM, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.
    .
    ==== End Of File ===========================
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    Blue screen during aswMBR scan

    Right after I clicked on Scan, I got a blue screen. Where did I screw up? :(
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Restart in Safe Mode and try from there.
     
  19. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    No luck with Safe Mode

    What next?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Did you try to run aswMBR from Safe Mode?
     
  21. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    aswMBR in safe mode

    Whether in safe mode or not, I get a blue screen the instant I click on Scan.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Go ahead with Combofix.
     
  23. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    This could be a crucial realization...

    Upon clicking the "How to temporarily disable your antivirus..." I realized that the icon for Avira is not a "closed umbrella". Following the instructions exactly, I can't disable the realtime protection. What am I doing wrong? Should I re-scan everything once I figure out how to disable the realtime protection?
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run Combofix from Safe Mode.
    You don't have to worry about Avira there.
     
  25. candygirl

    candygirl TS Rookie Topic Starter Posts: 44

    Combofix log

    ComboFix 11-10-30.04 - Vianca 10/31/2011 21:47:29.1.2 - x64 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.3195 [GMT -4:00]
    Running from: c:\users\Vianca\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\DFRC738.tmp
    c:\windows\msxml4-KB954430-enu.LOG
    c:\windows\msxml4-KB973688-enu.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-01 01:53 . 2011-11-01 01:53 -------- d-----w- c:\users\Vianca\AppData\Local\temp
    2011-11-01 01:53 . 2011-11-01 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-01 01:42 . 2011-11-01 01:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E036F7-658B-4E0C-B8CA-5FBC604E29DF}\offreg.dll
    2011-10-31 10:34 . 2010-09-20 12:14 316416 ----a-w- c:\windows\system32\msshsq.dll
    2011-10-31 10:34 . 2010-09-20 09:25 231936 ----a-w- c:\windows\SysWow64\msshsq.dll
    2011-10-31 08:32 . 2008-06-20 01:16 49160 ----a-w- c:\windows\system32\infocardcpl.cpl
    2011-10-31 08:32 . 2008-06-20 01:14 37384 ----a-w- c:\windows\SysWow64\infocardcpl.cpl
    2011-10-31 08:32 . 2008-06-20 01:16 11264 ----a-w- c:\windows\system32\icardres.dll
    2011-10-31 08:32 . 2008-06-20 01:14 11264 ----a-w- c:\windows\SysWow64\icardres.dll
    2011-10-31 08:32 . 2008-06-20 01:17 52760 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-31 08:32 . 2008-06-20 01:14 43544 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-10-31 08:32 . 2008-06-20 01:14 781344 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
    2011-10-31 08:32 . 2008-06-20 01:17 1168928 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2011-10-31 08:32 . 2008-06-20 01:16 167432 ----a-w- c:\windows\system32\infocardapi.dll
    2011-10-31 08:32 . 2008-06-20 01:14 97800 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2011-10-31 08:32 . 2008-06-20 01:14 622080 ----a-w- c:\windows\SysWow64\icardagt.exe
    2011-10-31 08:32 . 2008-06-20 01:16 1383936 ----a-w- c:\windows\system32\icardagt.exe
    2011-10-31 08:31 . 2008-06-20 01:17 126520 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2011-10-31 08:31 . 2008-06-20 01:14 105016 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2011-10-31 08:31 . 2008-06-20 01:17 357904 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-31 08:31 . 2008-06-20 01:14 326160 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-10-31 08:13 . 2008-07-27 18:03 41984 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2011-10-31 08:13 . 2008-07-27 18:01 13824 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-31 08:12 . 2008-07-27 18:03 96760 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-10-31 08:12 . 2008-07-27 18:01 112120 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-31 08:12 . 2008-07-27 18:03 282112 ----a-w- c:\windows\SysWow64\mscoree.dll
    2011-10-31 08:12 . 2008-07-27 18:01 406528 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-31 08:12 . 2008-07-27 18:03 158720 ----a-w- c:\windows\SysWow64\mscorier.dll
    2011-10-31 08:12 . 2008-07-27 18:01 158208 ----a-w- c:\windows\system32\mscorier.dll
    2011-10-31 08:11 . 2008-07-27 18:01 76288 ----a-w- c:\windows\system32\mscories.dll
    2011-10-31 08:11 . 2008-07-27 18:03 83968 ----a-w- c:\windows\SysWow64\mscories.dll
    2011-10-31 07:58 . 2010-02-20 23:44 32768 ----a-w- c:\windows\system32\nshhttp.dll
    2011-10-31 07:58 . 2010-02-20 23:39 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
    2011-10-31 07:58 . 2010-02-20 21:40 610304 ----a-w- c:\windows\system32\drivers\http.sys
    2011-10-31 07:58 . 2010-02-20 23:42 33792 ----a-w- c:\windows\system32\httpapi.dll
    2011-10-31 07:58 . 2010-02-20 23:37 31232 ----a-w- c:\windows\SysWow64\httpapi.dll
    2011-10-31 07:26 . 2010-04-14 18:33 101376 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-31 07:26 . 2010-04-14 17:46 80896 ----a-w- c:\windows\SysWow64\MSNP.ax
    2011-10-31 07:26 . 2010-04-14 18:35 375808 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-31 07:26 . 2010-04-14 17:47 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-31 07:26 . 2010-04-14 18:35 289792 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-31 07:26 . 2010-04-14 17:47 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-31 07:22 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
    2011-10-31 07:22 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-10-31 07:22 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-10-31 07:22 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
    2011-10-31 07:20 . 2009-10-09 21:56 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
    2011-10-31 07:20 . 2009-10-09 21:56 145408 ----a-w- c:\windows\SysWow64\WsmAuto.dll
    2011-10-31 07:20 . 2009-10-09 21:35 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2011-10-31 07:20 . 2009-10-09 21:34 180736 ----a-w- c:\windows\system32\WsmAuto.dll
    2011-10-31 07:20 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\SysWow64\WsmSvc.dll
    2011-10-31 07:20 . 2009-10-09 21:56 241152 ----a-w- c:\windows\SysWow64\winrscmd.dll
    2011-10-31 07:20 . 2009-10-09 21:56 246272 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
    2011-10-31 07:20 . 2009-10-09 21:55 252416 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
    2011-10-31 07:20 . 2009-10-09 21:34 370688 ----a-w- c:\windows\system32\winrscmd.dll
    2011-10-31 07:20 . 2009-10-09 21:34 348672 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2011-10-31 07:20 . 2009-10-09 21:36 2050048 ----a-w- c:\windows\system32\WsmSvc.dll
    2011-10-31 07:20 . 2009-10-09 21:34 352768 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2011-10-31 07:03 . 2011-10-31 07:03 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-10-30 19:17 . 2011-10-30 19:17 -------- d-----w- c:\users\Vianca\AppData\Roaming\Malwarebytes
    2011-10-30 19:16 . 2011-10-30 19:16 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-30 19:16 . 2011-10-30 19:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-10-30 19:16 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-30 19:15 . 2011-10-30 19:15 -------- d-----w- c:\users\Vianca\AppData\Roaming\Avira
    2011-10-30 18:59 . 2011-10-19 20:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2011-10-30 18:59 . 2011-10-19 20:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-30 18:59 . 2011-10-19 20:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-30 18:59 . 2011-10-30 18:59 -------- d-----w- c:\programdata\Avira
    2011-10-30 18:59 . 2011-10-30 18:59 -------- d-----w- c:\program files (x86)\Avira
    2011-10-30 18:55 . 2009-09-10 15:48 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
    2011-10-30 18:55 . 2009-09-10 15:48 372736 ----a-w- c:\windows\system32\unregmp2.exe
    2011-10-30 18:55 . 2009-09-10 15:21 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
    2011-10-30 18:55 . 2009-09-10 15:21 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
    2011-10-30 18:53 . 2009-04-02 12:39 818688 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2011-10-30 18:52 . 2010-10-18 14:25 87552 ----a-w- c:\windows\system32\consent.exe
    2011-10-30 18:51 . 2010-06-11 16:08 1875456 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-30 18:50 . 2009-09-04 12:52 82944 ----a-w- c:\windows\system32\msasn1.dll
    2011-10-30 18:49 . 2011-04-21 13:42 407552 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-10-30 18:47 . 2011-05-02 16:35 975360 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-30 18:46 . 2010-01-25 13:03 534016 ----a-w- c:\windows\system32\secproc_isv.dll
    2011-10-30 18:45 . 2009-07-14 13:21 368128 ----a-w- c:\windows\system32\wmpdxm.dll
    2011-10-30 18:21 . 2010-11-06 04:35 854528 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-30 18:21 . 2010-11-06 11:10 357376 ----a-w- c:\windows\SysWow64\taskschd.dll
    2011-10-30 18:21 . 2010-11-06 04:35 499712 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-30 18:21 . 2010-11-06 04:35 655872 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-30 18:21 . 2010-11-06 11:10 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2011-10-30 18:21 . 2010-11-06 04:35 410112 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-30 18:21 . 2010-11-05 00:53 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
    2011-10-30 18:21 . 2010-11-04 21:16 267776 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-30 18:11 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E036F7-658B-4E0C-B8CA-5FBC604E29DF}\mpengine.dll
    2011-10-30 18:11 . 2011-05-24 23:14 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-29 21:49 . 2010-01-15 00:04 98304 ----a-w- c:\windows\SysWow64\cabview.dll
    2011-10-29 21:49 . 2010-01-13 18:34 104960 ----a-w- c:\windows\system32\cabview.dll
    2011-10-29 21:49 . 2009-12-23 12:39 218112 ----a-w- c:\windows\system32\wintrust.dll
    2011-10-29 21:49 . 2009-12-23 12:43 171520 ----a-w- c:\windows\SysWow64\wintrust.dll
    2011-10-29 21:39 . 2009-08-07 02:24 43744 ----a-w- c:\windows\system32\wups2.dll
    2011-10-29 21:39 . 2009-08-07 02:24 57560 ----a-w- c:\windows\system32\wuauclt.exe
    2011-10-29 21:39 . 2009-08-07 02:24 2424024 ----a-w- c:\windows\system32\wuaueng.dll
    2011-10-29 21:39 . 2009-08-07 01:59 2621440 ----a-w- c:\windows\system32\wucltux.dll
    2011-10-29 21:39 . 2009-08-07 02:24 38112 ----a-w- c:\windows\system32\wups.dll
    2011-10-29 21:39 . 2009-08-07 01:59 98816 ----a-w- c:\windows\system32\wudriver.dll
    2011-10-29 21:39 . 2009-08-07 01:44 87552 ----a-w- c:\windows\SysWow64\wudriver.dll
    2011-10-29 21:39 . 2009-08-07 02:24 35552 ----a-w- c:\windows\SysWow64\wups.dll
    2011-10-29 21:39 . 2009-08-07 02:23 700640 ----a-w- c:\windows\system32\wuapi.dll
    2011-10-29 21:39 . 2009-08-07 02:23 575704 ----a-w- c:\windows\SysWow64\wuapi.dll
    2011-10-29 21:38 . 2009-08-06 23:23 185416 ----a-w- c:\windows\system32\wuwebv.dll
    2011-10-29 21:38 . 2009-08-06 23:23 171608 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2011-10-29 21:38 . 2009-08-06 22:59 36864 ----a-w- c:\windows\system32\wuapp.exe
    2011-10-29 21:38 . 2009-08-06 22:44 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-31 17:54 . 2011-08-31 17:54 0 ----a-w- c:\users\Vianca\AppData\Local\BITBBBF.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
    .
    c:\users\Vianca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    RCA Detective.lnk - c:\users\Vianca\Documents\RCA Detective\RCADetective.exe [2011-10-7 804352]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - c:\program files (x86)\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/12 17:38];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 146928]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
    R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-03 365952]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
    R2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 136176]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 01:39]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 01:39]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188132796-2589654712-3005709553-1000Core.job
    - c:\users\Vianca\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 12:18]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188132796-2589654712-3005709553-1000UA.job
    - c:\users\Vianca\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 12:18]
    .
    2011-10-31 c:\windows\Tasks\WebReg Officejet 6500 E709n Series.job
    - c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2010-05-28 04:25]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Vianca\AppData\Roaming\Mozilla\Firefox\Profiles\apvwzz79.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    @SACL=
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @SACL=
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @SACL=
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @SACL=
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @SACL=
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @SACL=
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @SACL=
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @SACL=
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @SACL=
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @SACL=
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @SACL=
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-10-31 21:56:50
    ComboFix-quarantined-files.txt 2011-11-01 01:56
    .
    Pre-Run: 351,525,031,936 bytes free
    Post-Run: 353,912,184,832 bytes free
    .
    - - End Of File - - 732BCEFAE87606CC5D3FBB58DE382572
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...