Solved Host of problems: Pop-ups, redirections, printer failure etc

Jimpact

Hey guys, after attempts to clean up my laptop before, it continues to frustrate me. Whilst none of the problems have been dire in affecting my day-to-day usage, there comes a point where it just frustrates you too much. It also seems to be getting more problematic. Whilst I can't recall all issues I've had, here are some:

- Constant pop-up tabs in Firefox, usually ads relating to things I've searched in Google
- Unable to use printers due to 'spooler' problems
- A new one is Google results redirecting to ad pages
- IE doesn't work at all
- Unable to run Windows Update, amongst other updates

I'm running on Windows 7.

As per instructions, here are my logs...

MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4792

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/10/2010 12:55:57 PM
mbam-log-2010-10-11 (12-55-57).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 284242
Time elapsed: 48 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS
DDS (Ver_10-10-10.03) - NTFSx86
Run by Jizzim at 13:09:10.15 on Mon 11/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1714 [GMT 11:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Jizzim\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus CX3900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\windows\temp\E_S11BB.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [CheckPoint Cleanup] c:\users\jizzim\appdata\local\temp\cpes_clean_launcher.exe c:\users\jizzim\appdata\local\temp\cpes_clean.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\jizzim\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\jizzim\appdata\roaming\mozilla\firefox\profiles\j93md7hc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jizzim\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-14 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-8 162640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe [2010-3-4 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-8 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-8 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1357464]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2010-3-4 126392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-14 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-8 40384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-4 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-1-10 228408]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-13 125056]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-22 66592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 204288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-30 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

=============== Created Last 30 ================

2010-10-11 01:04:12 -------- d-----w- c:\users\jizzim\appdata\roaming\Malwarebytes
2010-10-11 01:03:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 01:03:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 01:03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 01:03:32 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-06 04:53:45 -------- d-----w- c:\users\jizzim\appdata\roaming\WildTangent
2010-09-23 01:10:51 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-18 09:55:26 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-09-18 09:55:26 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2010-09-18 09:55:21 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-09-18 09:55:21 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-09-18 09:55:21 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-18 09:55:20 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-09-18 09:55:20 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-09-18 09:55:20 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-09-18 09:55:20 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-09-18 09:55:20 -------- d-----w- c:\users\jizzim\appdata\roaming\FreeBurner
2010-09-18 09:55:20 -------- d-----w- c:\program files\Free Easy Burner
2010-09-14 02:45:42 -------- d-----w- c:\users\jizzim\appdata\local\DOSBox
2010-09-14 02:45:14 -------- d-----w- C:\DOSGAMES
2010-09-14 02:44:29 -------- d-----w- c:\program files\DOSBox-0.74

==================== Find3M ====================

2010-08-12 12:15:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-07 04:17:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 03:51:00 14904 ----a-w- c:\windows\help\oem\scripts\LaunchHPForums.exe

============= FINISH: 13:09:54.72 ===============


Happy to run other programs/logs on request.

Help is greatly appreciated and I thank anyone who takes the time to look into this.

Cheers,

~Jimpact
 
Welcome aboard

Please, don't wrap logs in quotes.

Attach.txt part of DDS scan is missing, along with GMER log.
 
Thanks! :)

I don't think I can run GMER, I'm running Windows 7, attempted and the computer crashed.

Here is the attach...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/03/2010 6:26:14 PM
System Uptime: 10/11/2010 12:56:54 PM (-719 hours ago)

Motherboard: Hewlett-Packard | | 3659
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 2267/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 454 GiB total, 354.775 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.941 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP62: 23/08/2010 3:52:20 PM - Scheduled Checkpoint
RP63: 30/08/2010 1:41:53 PM - Installed FoodWorks 2009
RP64: 13/09/2010 8:15:59 PM - Scheduled Checkpoint
RP65: 22/09/2010 1:58:46 PM - Scheduled Checkpoint
RP66: 4/10/2010 3:17:35 PM - Scheduled Checkpoint

==== Installed Programs ======================

7-Zip 4.65
Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0 MUI
Adobe Shockwave Player
Audacity 1.2.6
avast! Free Antivirus
BitTornado 0.3.17
Broadcom 802.11 Wireless LAN Adapter
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video
DVD Shrink 3.2
Easy DVD Clone
ENE CIR Receiver Driver
EPSON Printer Software
ESU for Microsoft Windows 7
Facebook Plug-In
FLV Player 2.0 (build 25)
FoodWorks 2009
Free Easy Burner V 4.1
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Integrated Module with Bluetooth wireless technology
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Turbo Boost Technology Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 20
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
LAME v3.98.2 for Audacity
Last.fm 1.5.4.24567
LightScribe System Software
LSI HDA Modem
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Professional Edition 2003
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
NVIDIA Drivers
OpenOffice.org 3.2
Pharos
Power2Go
PowerDirector
QLBCASL
Realtek Ethernet Controller Driver For Windows Vista and Later
Recovery Manager
SoftStylus
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Ultimate Paint 2.88 Freeware Edition
Virgin Mobile
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer

==== Event Viewer Messages From Past Week ========

8/10/2010 10:24:30 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "C80AA920B288" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
11/10/2010 12:57:41 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/10/2010 11:58:53 AM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/10/2010 10:02:26 AM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
11/10/2010 1:04:51 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
11/10/2010 1:01:38 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


Cheers.
 
GMER won't run on Windows 7 64-bit, but in any case....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Alright, ComboFix took ages, but I got it done!

MBRCheck
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 220):
0x92764000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93800000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x927A8000 \SystemRoot\system32\drivers\nvhda32v.sys
0x927BB000 \SystemRoot\system32\drivers\portcls.sys
0x92600000 \SystemRoot\system32\drivers\drmk.sys
0x94E18000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x94E83000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x94F9F000 \SystemRoot\system32\drivers\modem.sys
0x94FAC000 \SystemRoot\system32\DRIVERS\hidir.sys
0x94FBB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x94FCE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x94FD5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x94FE1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x94FEC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x94E00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x934B5000 \SystemRoot\System32\Drivers\usbvideo.sys
0x95A10000 \SystemRoot\System32\Drivers\fastfat.SYS
0x95A3A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95A47000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x95B21000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99040000 \SystemRoot\System32\win32k.sys
0x95B32000 \SystemRoot\System32\drivers\Dxapi.sys
0x95B3C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x992A0000 \SystemRoot\System32\TSDDD.dll
0x992F0000 \SystemRoot\System32\ATMFD.DLL
0x95B47000 \SystemRoot\system32\drivers\luafv.sys
0x95B62000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x95B79000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x95B7C000 \SystemRoot\system32\drivers\WudfPf.sys
0x95B96000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95BA6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95BEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x92619000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x91437000 \SystemRoot\system32\drivers\HTTP.sys
0x914BC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x927EA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x914D5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA7A1F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA7A5A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA7A8D000 \SystemRoot\system32\drivers\peauth.sys
0xA7B24000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA7B2E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA7B4F000 \??\C:\Windows\TEMP\mc2AE67.tmp
0xA7B50000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA7B5D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA7BAC000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7A00000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xB382F000 \SystemRoot\System32\Drivers\bthport.sys
0xB3893000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xB38B7000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xB38C4000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xB38DF000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0xB3952000 \SystemRoot\system32\drivers\btwaudio.sys
0xB39D3000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0xB39DE000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0xB39E1000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0x993A0000 \SystemRoot\System32\cdd.dll
0x77700000 \Windows\System32\ntdll.dll
0x47F40000 \Windows\System32\smss.exe
0x77940000 \Windows\System32\apisetschema.dll

Processes (total 76):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
492 csrss.exe
568 C:\Windows\System32\wininit.exe
620 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\nvvsvc.exe
916 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
1304 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\hpservice.exe
1488 C:\Windows\System32\svchost.exe
1576 C:\Windows\System32\wlanext.exe
1584 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1596 C:\Windows\System32\conhost.exe
1616 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
304 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
1600 C:\Program Files\LSI SoftModem\agrsmsvc.exe
488 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2060 C:\Windows\System32\svchost.exe
2132 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2200 C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
2252 C:\Windows\System32\svchost.exe
2312 C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
2348 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2392 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2564 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2960 unsecapp.exe
3224 WmiPrvSE.exe
1864 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3888 C:\Windows\System32\SearchIndexer.exe
4004 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4456 C:\Windows\System32\svchost.exe
4820 C:\Program Files\Windows Media Player\wmpnetwk.exe
5092 C:\Windows\System32\svchost.exe
3656 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4664 C:\Windows\System32\svchost.exe
4304 csrss.exe
5924 C:\Windows\System32\winlogon.exe
5548 C:\Windows\System32\nvvsvc.exe
3664 C:\Windows\System32\taskhost.exe
3904 C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
3220 C:\Windows\System32\dwm.exe
3300 C:\Windows\explorer.exe
3568 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3556 C:\Program Files\IDT\WDM\sttray.exe
2720 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
128 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
508 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
5604 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3464 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
668 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3764 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
4280 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4248 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3892 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3084 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5492 C:\Program Files\OpenOffice.org 3\program\soffice.bin
2372 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5852 C:\Windows\System32\taskeng.exe
5744 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
4696 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
5140 C:\Windows\System32\msiexec.exe
5812 C:\Program Files\Mozilla Firefox\firefox.exe
3848 C:\Windows\System32\audiodg.exe
784 dllhost.exe
3860 dllhost.exe
2744 C:\Users\Jizzim\Downloads\MBRCheck.exe
2272 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`7bf00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC72E

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 510DDE42DA0E4925CCDCFC002F89829DEBC1AD2D


Found non-standard or infected MBR.
 
ComboFix
ComboFix 10-10-10.02 - Jizzim 11/10/2010 14:36:32.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1970 [GMT 11:00]
Running from: c:\users\Jizzim\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
c:\windows\system32\spool\prtprocs\w32x86\PSR0244A.DLL

Infected copy of c:\windows\system32\drivers\blbdrive.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-11 03:43 . 2010-10-11 04:06 -------- d-----w- c:\users\Jizzim\AppData\Local\temp
2010-10-11 03:43 . 2010-10-11 03:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-11 03:43 . 2010-10-11 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-11 03:05 . 2010-10-11 03:05 -------- d-----w- c:\program files\Common Files\Java
2010-10-11 01:04 . 2010-10-11 01:04 -------- d-----w- c:\users\Jizzim\AppData\Roaming\Malwarebytes
2010-10-11 01:03 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-11 01:03 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 04:53 . 2010-10-06 04:53 -------- d-----w- c:\users\Jizzim\AppData\Roaming\WildTangent
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-18 09:55 . 2006-11-18 01:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2010-09-18 09:55 . 1998-07-13 07:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-09-18 09:55 . 2003-01-26 02:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-09-18 09:55 . 1999-03-25 08:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-18 09:55 . 1998-07-12 12:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-09-18 09:55 . 2010-09-18 09:56 -------- d-----w- c:\users\Jizzim\AppData\Roaming\FreeBurner
2010-09-18 09:55 . 2010-09-18 09:55 -------- d-----w- c:\program files\Free Easy Burner
2010-09-18 09:55 . 2008-09-24 11:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-09-18 09:55 . 2000-10-01 08:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-09-18 09:55 . 1998-07-12 12:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-09-18 09:55 . 1998-07-12 08:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-09-14 02:45 . 2010-09-14 02:45 -------- d-----w- c:\users\Jizzim\AppData\Local\DOSBox
2010-09-14 02:45 . 2010-09-14 10:46 -------- d-----w- C:\DOSGAMES
2010-09-14 02:44 . 2010-09-14 02:44 -------- d-----w- c:\program files\DOSBox-0.74

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 13826664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-15 1549608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-21 495708]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 567864]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 125056]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 00:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jizzim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc27FE8.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-11 15:44:38
ComboFix-quarantined-files.txt 2010-10-11 04:44

Pre-Run: 380,669,247,488 bytes free
Post-Run: 380,159,819,776 bytes free

- - End Of File - - 9793E1C21D6AAE726B7D128B99133B3D
 
First, we need to fix your MBR, which seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Okay, I've been attempting to complete this latest step.

I didn't have issues with burning the disc (or so I think), but when I try and boot from the CD, I get errors just before I reach the 'Next you want to select the appropriate tool.'...

Can't open CD driver CDRCACH
SHSUCDX can't install.
ERROR: Failure loading; unable to find CD ROM drive
ERROR: If you have multiple CD ROM drives, please remove the other
ERROR: CD-ROMs discs and try again, Otherwise your disc may be corrupt or the CD-ROM driver does not correctly support your system.

Please reboot your computer now.
 
OK. Let's try a different way...

If you have Vista/7 DVD...

Start with step 2.

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users: at the first screen, click on Repair your computer.

Windows 7 users: at the first screen, click on Install now.

Select your language and click Next.

Click the button for "Use recovery tools".

The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box.

After this, it will present you with a list of options including startup repair, system restore and command prompt.

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
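
An added example, not part of the original posts and not MBRCheck's or bootrec's own code: the kind of check that sits behind an "Unknown MBR code" verdict, and a model of a repair that rewrites only the boot code and leaves the partition table alone (the documented behaviour of `bootrec /FixMbr`). The 440-byte hash scope, the allowlist and every sample byte are assumptions constructed for the illustration; only the C: partition offset is taken from the log above.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_SIZE = 440            # bootstrap code area of a classic MBR (assumed hash scope)
DISK_SIG_OFFSET = 440      # 4-byte disk signature, followed by 2 reserved bytes
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into the fields a reviewer cares about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + 16 * index
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, offset)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"index": index, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "code_sha1": hashlib.sha1(sector[:CODE_SIZE]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def classify(sector: bytes, known_good: dict) -> str:
    """Compare the boot-code hash with an allowlist of known loaders."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid boot signature"
    name = known_good.get(info["code_sha1"])
    return f"known MBR code: {name}" if name else "unknown MBR code"


def replace_boot_code(sector: bytes, new_code: bytes) -> bytes:
    """Model a code-only repair: swap bytes 0..439, keep everything after."""
    if len(new_code) != CODE_SIZE:
        raise ValueError("boot code must be exactly 440 bytes")
    if len(sector) != SECTOR_SIZE:
        raise ValueError("sector must be exactly 512 bytes")
    return new_code + sector[CODE_SIZE:]


def make_sample_sector(code: bytes) -> bytes:
    """Build a constructed MBR: one bootable NTFS-type partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:CODE_SIZE] = code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x12345678)  # constructed
    # Start LBA 409600 = 0x0c800000 bytes / 512, the C: offset in the log.
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET,
                     0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 409600, 1_000_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-ins for real loader code; not actual Windows 7 MBR bytes.
REFERENCE_CODE = b"REFERENCE boot code (constructed)".ljust(CODE_SIZE, b"\x00")
TAMPERED_CODE = b"MODIFIED boot code (constructed)".ljust(CODE_SIZE, b"\x00")
KNOWN_GOOD = {
    hashlib.sha1(REFERENCE_CODE).hexdigest().upper(): "reference code (constructed)",
}


def demo() -> dict:
    """Run the before/after comparison on the constructed sectors."""
    before = make_sample_sector(TAMPERED_CODE)
    after = replace_boot_code(before, REFERENCE_CODE)
    return {
        "before": classify(before, KNOWN_GOOD),
        "after": classify(after, KNOWN_GOOD),
        "table_unchanged": parse_mbr(before)["partitions"]
                           == parse_mbr(after)["partitions"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real case the 512 bytes would come from a forensic image of the disk, and the allowlist from hashes of loader code taken from trusted installation media.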
 
Alright, that all went to plan!

Here's the new log...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 217):
0x83045000 \SystemRoot\system32\ntkrnlpa.exe
0x8300E000 \SystemRoot\system32\halmacpi.dll
0x80B97000 \SystemRoot\system32\kdcom.dll
0x8360E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83686000 \SystemRoot\system32\PSHED.dll
0x83697000 \SystemRoot\system32\BOOTVID.dll
0x8369F000 \SystemRoot\system32\CLFS.SYS
0x836E1000 \SystemRoot\system32\CI.dll
0x8378C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83600000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BC33000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BC7B000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BC84000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BC8C000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BCB6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BCC1000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x8BCD0000 \SystemRoot\system32\DRIVERS\mpio.sys
0x8BCF4000 \SystemRoot\System32\drivers\partmgr.sys
0x8BD05000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8BD0D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8BD18000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BD28000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BD73000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8BD7A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BD88000 \SystemRoot\system32\DRIVERS\aliide.sys
0x8BD8F000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8BD96000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x8BD9E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BDB4000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x8BDD4000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BC25000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8BDF3000 \SystemRoot\system32\DRIVERS\viaide.sys
0x8BE19000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x8BEF4000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8BFCE000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BFD7000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BE00000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x8C019000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C060000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8C06A000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x8C07D000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x8C0E7000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x8C133000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x8C159000 \SystemRoot\system32\DRIVERS\djsvs.sys
0x8C16D000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8C193000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8C1AA000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x8C1E7000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C000000 \SystemRoot\system32\DRIVERS\arc.sys
0x8C216000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x8C22E000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x8C2A1000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x8C2B1000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x8C2CB000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x8C2DB000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x8C2F5000 \SystemRoot\system32\DRIVERS\megasas.sys
0x8C300000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x8C392000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x8C3A0000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8C425000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x8C5A4000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x8C400000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x8C40D000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x8C3C5000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x8C635000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C669000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C67A000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8C689000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C7B8000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C7E3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C82F000 \SystemRoot\System32\Drivers\cng.sys
0x8C88C000 \SystemRoot\System32\drivers\pcw.sys
0x8C89A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C8A3000 \SystemRoot\system32\drivers\ndis.sys
0x8C95A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C998000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CA15000 \SystemRoot\System32\drivers\tcpip.sys
0x8CB5E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CB8F000 \SystemRoot\system32\DRIVERS\wd.sys
0x8CB97000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8CBD6000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x8CBDF000 \SystemRoot\System32\Drivers\spldr.sys
0x8CBE7000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8C9BD000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CA00000 \SystemRoot\System32\Drivers\mup.sys
0x8C9EA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C9F2000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8C600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C800000 \SystemRoot\system32\DRIVERS\disk.sys
0x9112A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91149000 \SystemRoot\System32\Drivers\Null.SYS
0x91150000 \SystemRoot\System32\Drivers\Beep.SYS
0x91157000 \SystemRoot\System32\drivers\vga.sys
0x91163000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91184000 \SystemRoot\System32\drivers\watchdog.sys
0x91191000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91199000 \SystemRoot\system32\drivers\rdpencdd.sys
0x911A1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x911A9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x911B4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x911C2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x911D9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x911E4000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x9082D000 \SystemRoot\system32\drivers\afd.sys
0x90887000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x9088C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x908BE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x908C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x908E4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x908F5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90903000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90916000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90926000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90967000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90971000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9097B000 \SystemRoot\System32\drivers\discache.sys
0x90987000 \SystemRoot\System32\Drivers\dfsc.sys
0x9099F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x909AD000 \SystemRoot\System32\Drivers\aswSP.SYS
0x909D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x909F5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92A28000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93399000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91C2F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91CE6000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91D1F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91D3E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91D4D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91E0B000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x920A4000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x920E3000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x9210F000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x9212E000 \SystemRoot\system32\DRIVERS\enecir.sys
0x92147000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9215F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x92168000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92175000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x921AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x921AC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x921B9000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x921D8000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x921E3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x921EC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91D98000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91DA5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91DB7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91DCF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91C00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91C18000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9339B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x921FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x933B2000 \SystemRoot\system32\DRIVERS\ks.sys
0x91DF1000 \SystemRoot\system32\DRIVERS\circlass.sys
0x933E6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92424000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92468000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92479000 \SystemRoot\system32\drivers\nvhda32v.sys
0x9248C000 \SystemRoot\system32\drivers\portcls.sys
0x924BB000 \SystemRoot\system32\drivers\drmk.sys
0x924D4000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x92606000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x92722000 \SystemRoot\system32\drivers\modem.sys
0x9272F000 \SystemRoot\system32\DRIVERS\hidir.sys
0x9273E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92751000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92758000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x92764000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9276F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x92799000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x927A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x927BB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x927DF000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9253F000 \SystemRoot\System32\Drivers\bthport.sys
0x925A3000 \SystemRoot\system32\DRIVERS\udfs.sys
0x92400000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x927F1000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x925E3000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x91000000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x91073000 \SystemRoot\system32\drivers\btwaudio.sys
0x920AE000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x92600000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x94C80000 \SystemRoot\System32\win32k.sys
0x920B9000 \SystemRoot\System32\drivers\Dxapi.sys
0x920C3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x82217000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x822F1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82302000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94EE0000 \SystemRoot\System32\TSDDD.dll
0x94F10000 \SystemRoot\System32\cdd.dll
0x8230D000 \SystemRoot\system32\drivers\luafv.sys
0x82328000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8233F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x82342000 \SystemRoot\system32\drivers\WudfPf.sys
0x94F30000 \SystemRoot\System32\ATMFD.DLL
0x8235C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8236C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x823B2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x823C2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0C37000 \SystemRoot\system32\drivers\HTTP.sys
0xA0CBC000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA0CD5000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0CE7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0D0A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0D45000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0D60000 \SystemRoot\system32\drivers\peauth.sys
0xA0C00000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0C0A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x823D5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2410000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA245F000 \SystemRoot\System32\DRIVERS\srv.sys
0xA24B0000 \??\C:\Windows\TEMP\mc2B24D.tmp
0xA24B3000 \SystemRoot\system32\drivers\spsys.sys
0x77340000 \Windows\System32\ntdll.dll
0x48140000 \Windows\System32\smss.exe
0x77580000 \Windows\System32\apisetschema.dll

Processes (total 81):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
544 csrss.exe
596 C:\Windows\System32\wininit.exe
604 csrss.exe
656 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
772 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\nvvsvc.exe
900 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
1148 C:\Windows\System32\audiodg.exe
1288 C:\Windows\servicing\TrustedInstaller.exe
1312 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\winlogon.exe
1484 C:\Windows\System32\hpservice.exe
1552 C:\Windows\System32\svchost.exe
1620 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1628 C:\Windows\System32\wlanext.exe
1640 C:\Windows\System32\conhost.exe
1660 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
2004 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
484 C:\Program Files\LSI SoftModem\agrsmsvc.exe
644 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1032 C:\Windows\System32\svchost.exe
1264 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1516 C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
2080 C:\Windows\System32\svchost.exe
2116 C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
2164 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2244 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2296 C:\Windows\System32\svchost.exe
2452 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2840 unsecapp.exe
2948 WmiPrvSE.exe
3064 C:\Windows\System32\svchost.exe
3312 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3428 C:\Windows\System32\nvvsvc.exe
3500 C:\Windows\System32\svchost.exe
3644 C:\Windows\System32\taskhost.exe
3660 C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
3696 C:\Windows\System32\dwm.exe
3704 C:\Windows\explorer.exe
4016 C:\Windows\System32\SearchIndexer.exe
2792 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2804 C:\Program Files\IDT\WDM\sttray.exe
788 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3048 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
800 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3072 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
3516 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3628 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3876 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2376 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3900 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3984 C:\Program Files\OpenOffice.org 3\program\soffice.exe
4124 C:\Program Files\OpenOffice.org 3\program\soffice.bin
4148 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
4292 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4452 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
4856 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4952 C:\Program Files\Windows Media Player\wmpnetwk.exe
5364 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
5424 C:\Windows\System32\taskeng.exe
5476 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
5544 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
4524 C:\Windows\System32\ctfmon.exe
4280 C:\Windows\System32\spoolsv.exe
1216 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
608 C:\Windows\System32\sppsvc.exe
1888 C:\Windows\System32\svchost.exe
3924 C:\Users\Jizzim\Downloads\MBRCheck.exe
1900 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3204 C:\Windows\System32\conhost.exe
5240 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`7bf00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC72E

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


Cheers.
 
ComboFix Log 2

ComboFix 10-10-11.01 - Jizzim 12/10/2010 14:25:46.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1681 [GMT 11:00]
Running from: c:\users\Jizzim\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 03:30 . 2010-10-12 03:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-12 03:30 . 2010-10-12 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-12 03:21 . 2010-10-12 03:24 -------- d-----w- C:\32788R22FWJFW
2010-10-11 13:55 . 2009-11-25 01:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-11 13:55 . 2009-11-25 01:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-11 13:55 . 2009-11-25 01:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-11 13:55 . 2009-11-25 01:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-11 13:55 . 2009-11-25 01:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-11 06:37 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-11 06:37 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-11 06:37 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-11 06:37 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-11 06:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-10-11 06:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-10-11 06:36 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-11 06:36 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-10-11 06:36 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-10-11 06:36 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-11 06:36 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-10-11 06:36 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-10-11 06:36 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-11 06:36 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-11 06:36 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-11 06:33 . 2010-09-15 23:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9626A06E-B9AD-43DE-A069-0B78A9E4FD2A}\mpengine.dll
2010-10-11 04:44 . 2010-10-12 03:30 -------- d-----w- c:\users\Jizzim\AppData\Local\temp
2010-10-11 03:05 . 2010-10-11 03:05 -------- d-----w- c:\program files\Common Files\Java
2010-10-11 01:04 . 2010-10-11 01:04 -------- d-----w- c:\users\Jizzim\AppData\Roaming\Malwarebytes
2010-10-11 01:03 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-11 01:03 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 04:53 . 2010-10-06 04:53 -------- d-----w- c:\users\Jizzim\AppData\Roaming\WildTangent
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-18 09:55 . 2006-11-18 01:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2010-09-18 09:55 . 1998-07-13 07:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-09-18 09:55 . 2003-01-26 02:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-09-18 09:55 . 1999-03-25 08:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-18 09:55 . 1998-07-12 12:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-09-18 09:55 . 2010-09-18 09:56 -------- d-----w- c:\users\Jizzim\AppData\Roaming\FreeBurner
2010-09-18 09:55 . 2010-09-18 09:55 -------- d-----w- c:\program files\Free Easy Burner
2010-09-18 09:55 . 2008-09-24 11:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-09-18 09:55 . 2000-10-01 08:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-09-18 09:55 . 1998-07-12 12:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-09-18 09:55 . 1998-07-12 08:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-09-14 02:45 . 2010-09-14 02:45 -------- d-----w- c:\users\Jizzim\AppData\Local\DOSBox
2010-09-14 02:45 . 2010-09-14 10:46 -------- d-----w- C:\DOSGAMES
2010-09-14 02:44 . 2010-09-14 02:44 -------- d-----w- c:\program files\DOSBox-0.74

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 13826664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-15 1549608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-21 495708]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 567864]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 125056]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 00:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jizzim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc25F00.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5164)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2010-10-12 15:02:24
ComboFix-quarantined-files.txt 2010-10-12 04:02
ComboFix2.txt 2010-10-11 04:44

Pre-Run: 381,659,049,984 bytes free
Post-Run: 381,259,771,904 bytes free

- - End Of File - - 85E0D691DEDA0A5BBB066A78604823A9


_________________________________________________

STATUS UPDATE

- Pop-up tabs in Firefox seem to be gone
- IE is now functional
- Google doesn't seem to be redirecting to ads anymore

I haven't tested using the printer yet.

Looking good, a donation may be on its way to you soon!
 
We're not done yet, but I'm glad to see your computer feeling better :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Driver::
mchInjDrv

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Hmm, not sure how that one went (but these combofixes take ages, about an hour each).

ComboFix 10-10-11.02 - Jizzim 12/10/2010 16:15:27.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1546 [GMT 11:00]
Running from: c:\users\Jizzim\Downloads\ComboFix.exe
Command switches used :: c:\users\Jizzim\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((( Files Created from 2010-09-12 to 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 05:19 . 2010-10-12 05:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-12 05:19 . 2010-10-12 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-12 05:14 . 2010-10-12 05:14 -------- d-----w- C:\32788R22FWJFW
2010-10-11 13:55 . 2009-11-25 01:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-11 13:55 . 2009-11-25 01:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-11 13:55 . 2009-11-25 01:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-11 13:55 . 2009-11-25 01:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-11 13:55 . 2009-11-25 01:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-11 06:37 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-11 06:37 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-11 06:37 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-11 06:37 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-11 06:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-10-11 06:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-10-11 06:36 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-11 06:36 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-10-11 06:36 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-10-11 06:36 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-11 06:36 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-10-11 06:36 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-10-11 06:36 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-11 06:36 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-11 06:36 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-11 06:33 . 2010-09-15 23:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9626A06E-B9AD-43DE-A069-0B78A9E4FD2A}\mpengine.dll
2010-10-11 04:44 . 2010-10-12 05:36 -------- d-----w- c:\users\Jizzim\AppData\Local\temp
2010-10-11 03:05 . 2010-10-11 03:05 -------- d-----w- c:\program files\Common Files\Java
2010-10-11 01:04 . 2010-10-11 01:04 -------- d-----w- c:\users\Jizzim\AppData\Roaming\Malwarebytes
2010-10-11 01:03 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 01:03 . 2010-10-11 01:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-11 01:03 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-06 04:53 . 2010-10-06 04:53 -------- d-----w- c:\users\Jizzim\AppData\Roaming\WildTangent
2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-18 09:55 . 2006-11-18 01:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2010-09-18 09:55 . 1998-07-13 07:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-09-18 09:55 . 2003-01-26 02:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-09-18 09:55 . 1999-03-25 08:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-18 09:55 . 1998-07-12 12:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-09-18 09:55 . 2010-09-18 09:56 -------- d-----w- c:\users\Jizzim\AppData\Roaming\FreeBurner
2010-09-18 09:55 . 2010-09-18 09:55 -------- d-----w- c:\program files\Free Easy Burner
2010-09-18 09:55 . 2008-09-24 11:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-09-18 09:55 . 2000-10-01 08:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-09-18 09:55 . 1998-07-12 12:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-09-18 09:55 . 1998-07-12 08:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-09-14 02:45 . 2010-09-14 02:45 -------- d-----w- c:\users\Jizzim\AppData\Local\DOSBox
2010-09-14 02:45 . 2010-09-14 10:46 -------- d-----w- C:\DOSGAMES
2010-09-14 02:44 . 2010-09-14 02:44 -------- d-----w- c:\program files\DOSBox-0.74

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-29 13826664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-15 1549608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-21 495708]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 567864]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-03 204288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-06 1357464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-13 125056]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 00:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jizzim\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3092)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-10-12 17:12:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-12 06:12
ComboFix2.txt 2010-10-12 04:02
ComboFix3.txt 2010-10-11 04:44

Pre-Run: 381,304,172,544 bytes free
Post-Run: 381,122,711,552 bytes free

- - End Of File - - 59655D4C537E22EB74B46A8D4D75D09C


_________________________________________________

Sidenote: I'm not sure if you will be able to help with the printer or not, but it would be great if you can. Despite constant attempts to fix the printer/driver/spooler problem, it persists.
 
It went well :)
Combofix log looks good.
Regarding the printer, that would be up to some other forum.
I wish I could help, but we're too busy here, just making sure people's computers are clean.

How is the computer doing at the moment?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
My computer seems to be chugging along quite well now; all the issues bar the printer and maybe updating some programs seem to be fixed.

If you can't help with the printer, I was wondering if you know somewhere else trustworthy where I can ask for help?

Here are the logs...

OTL
OTL logfile created on: 10/13/2010 11:27:08 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jizzim\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.74 Gb Total Space | 355.05 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
Drive D: | 11.72 Gb Total Space | 1.94 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.34% Space Free | Partition Type: FAT32
Drive F: | 238.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JCEL | User Name: Jizzim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
PRC - [2010/10/06 11:19:13 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/06 11:19:12 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/21 01:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 01:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/09 23:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/21 18:35:26 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/10/21 18:35:26 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
PRC - [2009/10/06 18:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/05 07:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/05 07:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/05 07:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/26 04:55:34 | 000,567,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/07/14 12:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 12:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/19 18:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009/03/03 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/15 12:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/02/22 16:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
MOD - [2009/07/14 12:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 12:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 12:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 12:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 12:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 12:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 12:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 12:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 12:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 12:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 12:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 12:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/06 11:19:12 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/30 10:09:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 23:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/21 18:35:26 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe -- (STacSV)
SRV - [2009/09/05 07:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 12:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 12:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 12:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 12:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 12:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 12:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 12:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 12:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 12:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 12:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 12:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 12:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 12:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 12:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 12:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 12:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 12:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/06 11:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/28 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/03 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/15 12:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/02/22 16:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
 
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jizzim\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/08/12 23:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 23:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/09 19:09:42 | 002,709,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2010/03/09 23:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 23:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 23:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 23:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/03/09 23:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/11 18:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/30 04:20:40 | 009,906,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/21 18:35:26 | 000,420,352 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/10/13 14:00:00 | 000,125,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/03 14:57:58 | 000,204,288 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/09/18 07:54:50 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/09/18 07:54:42 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/09/18 07:54:40 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/09/18 07:54:36 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/09/10 16:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/22 20:54:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/08/15 17:54:54 | 000,223,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/08/08 15:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/07/22 09:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 14:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/07/14 12:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 12:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 12:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 12:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 12:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 12:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 12:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 12:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 12:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 12:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 12:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 12:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 12:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 12:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 12:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 12:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 12:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 12:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 12:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 12:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 12:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 12:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 12:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 12:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 12:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 12:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 12:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 12:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 12:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 12:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 12:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 12:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 12:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 12:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 12:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 12:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 11:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 11:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 11:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 10:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 10:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 10:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 10:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 10:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 10:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 10:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 10:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 10:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 10:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 10:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 10:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 10:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 10:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 10:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 10:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 09:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 09:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 09:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 09:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 09:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 09:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 09:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/14 09:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/14 09:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/14 09:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 09:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/14 09:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 09:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 09:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/09 08:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/09 08:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/30 05:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/06/11 08:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/30 03:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 16:20:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/10 23:21:10 | 000,000,000 | ---D | M]

[2010/03/24 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Extensions
[2010/10/13 01:21:48 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions
[2010/04/11 13:46:57 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/05/26 01:23:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/23 12:28:55 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/05/14 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Mozilla\Firefox\Profiles\j93md7hc.default\extensions\radiobar@toolbar
[2010/10/11 14:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/07 15:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/11 14:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/17 05:27:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/17 05:27:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/17 05:27:25 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/17 05:27:25 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2010/10/12 16:36:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 90 Days ==========

[2010/10/13 11:23:16 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
[2010/10/12 16:42:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/12 16:19:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/12 16:14:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/12 16:14:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/11 17:13:44 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Desktop\NTBR_CD
[2010/10/11 15:44:40 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Local\temp
[2010/10/11 14:30:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/11 14:30:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/11 14:30:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/11 14:30:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/11 14:29:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/11 14:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/11 12:04:12 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\Malwarebytes
[2010/10/11 12:03:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/11 12:03:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/11 12:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 12:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/06 15:53:45 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\WildTangent
[2010/09/18 20:55:26 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\Windows\System32\vbalExpBar6.ocx
[2010/09/18 20:55:21 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\SSubTmr6.dll
[2010/09/18 20:55:20 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\FreeBurner
[2010/09/18 20:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy Burner
[2010/09/14 13:45:42 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Local\DOSBox
[2010/09/14 13:45:14 | 000,000,000 | ---D | C] -- C:\DOSGAMES
[2010/09/14 13:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2010/08/30 14:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Xyris Software
[2010/08/30 14:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xyris Software
[2010/08/29 22:49:10 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Local\Sunbelt Software
[2010/08/29 22:40:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/14 13:51:33 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/07 15:19:34 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\AppData\Roaming\OpenOffice.org
[2010/08/07 15:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/08/07 15:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/08/07 15:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/07 15:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/07 15:15:47 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Desktop\OpenOffice.org 3.2 (en-GB) Installation Files
[2010/08/06 23:24:02 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Documents\KP Downloads
[2010/07/24 12:55:27 | 000,000,000 | ---D | C] -- C:\Users\Jizzim\Documents\VirtualDJ
[2010/07/24 12:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[1 C:\Users\Jizzim\Documents\*.tmp files -> C:\Users\Jizzim\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe
[2010/10/13 09:44:05 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 09:44:05 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 09:42:07 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/13 09:40:51 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/13 09:40:51 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/13 09:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/13 09:36:22 | 2408,734,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/13 01:28:14 | 000,024,046 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.odt
[2010/10/12 16:36:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/12 16:05:24 | 000,015,824 | ---- | M] () -- C:\Users\Jizzim\Documents\Assessment Timetable T2.odt
[2010/10/12 13:33:57 | 000,444,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/11 16:46:58 | 002,565,432 | ---- | M] () -- C:\Users\Jizzim\Desktop\NTBR_CD.exe
[2010/10/11 13:51:22 | 371,888,057 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/11 12:03:35 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/10 23:21:10 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/06 17:21:38 | 000,001,249 | ---- | M] () -- C:\Users\Jizzim\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
[2010/10/06 17:21:38 | 000,001,225 | ---- | M] () -- C:\Users\Jizzim\Desktop\Play HP Games.lnk
[2010/10/04 09:46:16 | 000,013,645 | ---- | M] () -- C:\Users\Jizzim\Documents\final speech.odt
[2010/09/30 01:54:41 | 000,048,707 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE204 Labs Pt II.odt
[2010/09/29 13:30:25 | 000,020,571 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE202 Assignment.odt
[2010/09/28 00:57:09 | 000,028,286 | ---- | M] () -- C:\Users\Jizzim\Documents\speech.odt
[2010/09/23 14:47:47 | 000,040,209 | ---- | M] () -- C:\Users\Jizzim\Documents\HSN102 Summaries.odt
[2010/09/21 10:04:20 | 000,015,953 | ---- | M] () -- C:\Users\Jizzim\Documents\20th-26th.ods
[2010/09/18 20:55:26 | 000,001,051 | ---- | M] () -- C:\Users\Jizzim\Desktop\Free Easy Burner.lnk
[2010/09/14 13:44:29 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010/09/11 01:09:35 | 000,023,687 | ---- | M] () -- C:\Users\Jizzim\Documents\Final Copy.odt
[2010/09/10 23:28:45 | 000,185,161 | ---- | M] () -- C:\Users\Jizzim\Documents\jcel_tjkir_HSE212.pdf
[2010/09/10 11:08:05 | 000,024,174 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE212 Assignment 2.odt
[2010/09/01 17:41:41 | 000,942,080 | ---- | M] () -- C:\Users\Jizzim\Documents\Nutrition Assignment.fwb
[2010/09/01 14:46:23 | 004,091,063 | ---- | M] () -- C:\Users\Jizzim\Documents\HSN102 Assignment.odt
[2010/09/01 13:08:11 | 000,017,266 | ---- | M] () -- C:\Users\Jizzim\Documents\COMPARISON.ods
[2010/08/30 15:56:07 | 006,218,877 | ---- | M] () -- C:\Users\Jizzim\Documents\FWPRO2009 Intro Guide 9 Feb10.pdf
[2010/08/29 22:40:18 | 000,001,124 | ---- | M] () -- C:\Users\Jizzim\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/29 22:40:18 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/24 01:14:40 | 000,010,603 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE212 Assignment.odt
[2010/08/23 12:31:47 | 000,031,220 | ---- | M] () -- C:\Users\Jizzim\Documents\Lab3.odt
[2010/08/12 23:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/12 23:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/08/07 15:19:55 | 000,001,193 | ---- | M] () -- C:\Users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/08/07 15:18:50 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/08/07 15:15:57 | 000,013,742 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE204 Summaries.rtf
[2010/08/06 15:23:55 | 000,080,023 | ---- | M] () -- C:\Users\Jizzim\Documents\Amazing Race Application.pdf
[2010/08/03 02:20:55 | 000,177,331 | ---- | M] () -- C:\Users\Jizzim\Desktop\Untitled.jpg
[2010/07/30 15:02:41 | 000,002,055 | ---- | M] () -- C:\Users\Jizzim\Documents\Accounts.rtf
[2010/07/26 02:04:42 | 000,003,477 | ---- | M] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.rtf
[1 C:\Users\Jizzim\Documents\*.tmp files -> C:\Users\Jizzim\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/12 13:39:55 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/11 16:54:27 | 002,565,432 | ---- | C] () -- C:\Users\Jizzim\Desktop\NTBR_CD.exe
[2010/10/11 14:30:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/11 14:30:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/11 14:30:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/11 14:30:27 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/11 14:30:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/11 12:03:35 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/06 17:21:38 | 000,001,249 | ---- | C] () -- C:\Users\Jizzim\Application Data\Microsoft\Internet Explorer\Quick Launch\Play HP Games.lnk
[2010/10/06 17:21:38 | 000,001,225 | ---- | C] () -- C:\Users\Jizzim\Desktop\Play HP Games.lnk
[2010/10/04 00:40:17 | 000,013,645 | ---- | C] () -- C:\Users\Jizzim\Documents\final speech.odt
[2010/09/29 00:37:24 | 000,020,571 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE202 Assignment.odt
[2010/09/27 13:58:39 | 000,028,286 | ---- | C] () -- C:\Users\Jizzim\Documents\speech.odt
[2010/09/21 13:46:13 | 000,048,707 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE204 Labs Pt II.odt
[2010/09/21 10:04:18 | 000,015,953 | ---- | C] () -- C:\Users\Jizzim\Documents\20th-26th.ods
[2010/09/20 17:49:23 | 000,040,209 | ---- | C] () -- C:\Users\Jizzim\Documents\HSN102 Summaries.odt
[2010/09/18 20:55:26 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2010/09/18 20:55:26 | 000,001,051 | ---- | C] () -- C:\Users\Jizzim\Desktop\Free Easy Burner.lnk
[2010/09/18 20:55:20 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/09/14 13:44:29 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010/09/11 15:37:54 | 000,015,824 | ---- | C] () -- C:\Users\Jizzim\Documents\Assessment Timetable T2.odt
[2010/09/10 23:26:47 | 000,185,161 | ---- | C] () -- C:\Users\Jizzim\Documents\jcel_tjkir_HSE212.pdf
[2010/09/10 11:37:30 | 000,023,687 | ---- | C] () -- C:\Users\Jizzim\Documents\Final Copy.odt
[2010/09/07 00:46:15 | 000,024,174 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE212 Assignment 2.odt
[2010/09/01 17:44:15 | 000,024,046 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.odt
[2010/08/31 17:43:53 | 004,091,063 | ---- | C] () -- C:\Users\Jizzim\Documents\HSN102 Assignment.odt
[2010/08/30 15:55:44 | 006,218,877 | ---- | C] () -- C:\Users\Jizzim\Documents\FWPRO2009 Intro Guide 9 Feb10.pdf
[2010/08/29 23:30:36 | 000,017,266 | ---- | C] () -- C:\Users\Jizzim\Documents\COMPARISON.ods
[2010/08/24 01:14:38 | 000,010,603 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE212 Assignment.odt
[2010/08/18 18:53:21 | 000,031,220 | ---- | C] () -- C:\Users\Jizzim\Documents\Lab3.odt
[2010/08/07 15:19:55 | 000,001,193 | ---- | C] () -- C:\Users\Jizzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/08/07 15:18:50 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/08/06 15:23:55 | 000,080,023 | ---- | C] () -- C:\Users\Jizzim\Documents\Amazing Race Application.pdf
[2010/08/03 02:20:55 | 000,177,331 | ---- | C] () -- C:\Users\Jizzim\Desktop\Untitled.jpg
[2010/07/24 02:02:28 | 000,013,742 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE204 Summaries.rtf
[2010/07/16 14:46:27 | 000,003,477 | ---- | C] () -- C:\Users\Jizzim\Documents\HSE202 Summaries.rtf
[2010/06/04 17:03:24 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/04/26 18:54:49 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/24 18:32:45 | 000,000,000 | ---- | C] () -- C:\Users\Jizzim\AppData\Local\QSwitch.txt
[2010/03/24 18:32:45 | 000,000,000 | ---- | C] () -- C:\Users\Jizzim\AppData\Local\DSwitch.txt
[2010/03/24 18:32:45 | 000,000,000 | ---- | C] () -- C:\Users\Jizzim\AppData\Local\AtStart.txt
[2010/03/24 18:32:42 | 000,000,282 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/03/07 01:25:52 | 001,683,456 | ---- | C] () -- C:\Windows\System32\ltclr13n.dll
[2010/03/07 01:25:52 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2010/03/07 01:25:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2010/03/04 20:40:28 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/04 20:40:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/04 20:40:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/04 20:39:58 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/04 20:39:25 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/04 20:23:02 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/03/04 20:22:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/03/04 20:18:57 | 000,000,283 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010/03/04 20:18:57 | 000,000,224 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010/01/10 20:07:01 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/01/10 20:04:19 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/01/10 20:03:30 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/01/10 20:03:05 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/09/30 10:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/04/08 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\.BitTornado
[2010/04/13 01:23:04 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\CheckPoint
[2010/05/16 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Elluminate
[2010/06/24 00:07:47 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\Facebook
[2010/09/18 20:56:08 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\FreeBurner
[2010/08/07 15:19:34 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\OpenOffice.org
[2010/06/04 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\PrimoPDF
[2010/10/06 15:53:45 | 000,000,000 | ---D | M] -- C:\Users\Jizzim\AppData\Roaming\WildTangent
[2010/10/13 09:42:07 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/08/04 00:39:00 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/13 09:36:21 | 000,065,188 | ---- | M] () -- C:\aaw7boot.log
[2009/06/11 08:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 12:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/12 17:12:44 | 000,014,213 | ---- | M] () -- C:\ComboFix.txt
[2009/06/11 08:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/13 09:36:22 | 2408,734,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/20 21:55:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/20 21:55:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/13 09:36:27 | 3211,649,024 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 15:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 08:31:19 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/05/25 14:14:33 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\spool\prtprocs\w32x86\PSS0245D.DLL
[2010/05/25 14:14:33 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\spool\prtprocs\w32x86\PSS0245E.DLL
[2010/05/25 14:14:33 | 000,011,264 | ---- | M] (Pharos Systems International) -- C:\Windows\System32\spool\prtprocs\w32x86\PSS0245F.DLL
[2009/07/14 12:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/11 07:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 15:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/24 18:32:58 | 000,000,221 | -HS- | M] () -- C:\Users\Jizzim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/11 16:46:58 | 002,565,432 | ---- | M] () -- C:\Users\Jizzim\Desktop\NTBR_CD.exe
[2010/10/13 11:23:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jizzim\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/12 13:34:13 | 000,000,402 | -HS- | M] () -- C:\Users\Jizzim\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/13 10:12:32 | 000,000,282 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2010/03/04 20:40:23 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/01/10 20:07:31 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/03/04 20:39:58 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/01/10 20:04:12 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/03/04 20:39:25 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/04 20:40:13 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/01/10 20:03:24 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/01/10 20:06:55 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/03/04 20:40:29 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:411E1BE2

< End of report >

Extras

OTL Extras logfile created on: 10/13/2010 11:27:08 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jizzim\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.74 Gb Total Space | 355.05 Gb Free Space | 78.25% Space Free | Partition Type: NTFS
Drive D: | 11.72 Gb Total Space | 1.94 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.34% Space Free | Partition Type: FAT32
Drive F: | 238.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JCEL | User Name: Jizzim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5C3E7880-7F8B-4A06-A3C3-95509F092161}" = HP MediaSmart SmartMenu
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{85EAFAD8-9FDB-4343-82CE-29674C1AC6E1}" = SoftStylus
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FB79808D-D401-420E-BB41-011C8CA4C7F3}" = FoodWorks 2009
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"7-Zip" = 7-Zip 4.65
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BitTornado" = BitTornado 0.3.17
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy DVD Clone" = Easy DVD Clone
"EPSON Printer and Utilities" = EPSON Printer Software
"FLV Player" = FLV Player 2.0 (build 25)
"Free Easy Burner_is1" = Free Easy Burner V 4.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"Pharos" = Pharos
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UP286_is1" = Ultimate Paint 2.88 Freeware Edition
"Virgin Mobile" = Virgin Mobile
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2010 6:35:47 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x9a0 Faulting application
start time: 0x01cb5dcb22aa2a8e Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 6767633d-c9be-11df-b7cd-0027139e74bb

Error - 9/26/2010 6:39:43 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x10b4 Faulting application
start time: 0x01cb5dcb4dceb384 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: f47a980a-c9be-11df-b7cd-0027139e74bb

Error - 9/26/2010 6:42:57 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x16f0 Faulting application
start time: 0x01cb5dcbe13bb42c Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 68177d22-c9bf-11df-b7cd-0027139e74bb

Error - 9/27/2010 6:05:33 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x9b4 Faulting application
start time: 0x01cb5e9014a5b4b3 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 58e570ef-ca83-11df-9971-0027139e74bb

Error - 9/27/2010 6:09:31 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: PSS0245E.DLL, version: 3.2.0.3901, time
stamp: 0x44e514d6 Exception code: 0xc0000005 Fault offset: 0x00000032 Faulting process
id: 0x1078 Faulting application start time: 0x01cb5e903f6951b9 Faulting application
path: C:\Windows\System32\spoolsv.exe Faulting module path: C:\Windows\system32\PSS0245E.DLL
Report
Id: e6d605b6-ca83-11df-9971-0027139e74bb

Error - 9/27/2010 6:12:48 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0xa4 Faulting application
start time: 0x01cb5e90d58b02d1 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 5c651b5e-ca84-11df-9971-0027139e74bb

Error - 9/27/2010 9:50:32 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x880 Faulting application
start time: 0x01cb5eaf81359a4f Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: c6e98eca-caa2-11df-98cc-0027139e74bb

Error - 9/27/2010 9:54:30 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x12ec Faulting application
start time: 0x01cb5eafad55a1d1 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 547d4de6-caa3-11df-98cc-0027139e74bb

Error - 9/27/2010 9:57:49 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1648 Faulting application
start time: 0x01cb5eb04140cb69 Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: cb16fdad-caa3-11df-98cc-0027139e74bb

Error - 9/28/2010 6:31:36 PM | Computer Name = JCEL | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bced7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00300032 Faulting process id: 0x998 Faulting application
start time: 0x01cb5f5ce2e8ec5b Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting
module path: unknown Report Id: 26ad2697-cb50-11df-9ff2-0027139e74bb

[ Hewlett-Packard Events ]
Error - 4/28/2010 7:48:59 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 4/28/2010 7:49:20 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 8/25/2010 3:55:37 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/15/2010 3:14:28 AM | Computer Name = JCEL | Source = Hewlett-Packard | ID = 0
Description = en-AU Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ System Events ]
Error - 7/9/2010 2:59:01 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/9/2010 3:02:03 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/9/2010 3:05:06 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).

Error - 7/9/2010 7:57:55 AM | Computer Name = JCEL | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.

Error - 7/9/2010 9:38:25 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/9/2010 9:41:26 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/9/2010 9:44:28 AM | Computer Name = JCEL | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).

Error - 7/9/2010 6:10:48 PM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/9/2010 6:13:50 PM | Computer Name = JCEL | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/9/2010 6:16:52 PM | Computer Name = JCEL | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).


< End of report >
 
Regarding the printer, start a new topic in the "Hardware" forum. You'll find plenty of helpful people there.

=========================================================================

I shouldn't be doing this, but I couldn't resist, when I saw this:
C:\Users\Jizzim\Documents\Amazing Race Application.pdf

:) One of my favorite shows :)
I apologize for entering your private life :)

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [1 C:\Users\Jizzim\Documents\*.tmp files -> C:\Users\Jizzim\Documents\*.tmp -> ]
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:411E1BE2
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==========================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Apologies for the lateness, I've got exams - but will do these ASAP (possibly later today).

(oh and 'Lynette' was my family's account on PayPal)
 
I've done the first two, here's the log:

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.0 MUI
Mozilla Firefox (3.6.11) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Going to do the third one now.
 