Hi,
First thank you for your help. I am currently trying to remove the Windows Vista Recovery Virus/Malware. I have followed the steps 7 step viruses/spyware/malware preliminary removal instructions. I have ran Malwarebytes and have removed 6 corrupted files. I ran GMER and DDS. I still cannot view any icons in my start menu but the windows vista recovery window and the constant hard drive fail errors no longer appear. Please let me know what I can do to get rid of this monster. Thank you for your help!
Malwarebytes anti malware log:
------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6686
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
5/26/2011 11:05:17 AM
mbam-log-2011-05-26 (11-05-17).txt
Scan type: Quick scan
Objects scanned: 194562
Time elapsed: 17 minute(s), 42 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
c:\programdata\yimjvskpkyoa.exe (Trojan.FakeAlert) -> 3520 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yiMjvSkpKyOa (Trojan.FakeAlert) -> Value: yiMjvSkpKyOa -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\yimjvskpkyoa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\34070264.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Loretta\AppData\Local\Temp\Low\tmp4003.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
******************************************
GMER Log
******************************************
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 12:07:39
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000004f ST336032 rev.3.CH
Running: w6z0ke6c.exe; Driver: C:\Users\Loretta\AppData\Local\Temp\fwliafow.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\drivers\kqjux.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D209340, 0x3500C7, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BC8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C09855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BCB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BBFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BC7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BBEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BFB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BCBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BC0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BC06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BB71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C4D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BE7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BBE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BB697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BB69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BC2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73BC8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73C09855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73BCB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73BBFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73BC7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73BBEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BFB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73BCBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73BC0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73BC06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73BB71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73C4D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73BE7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73BBE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73BB697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73BB69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73BC2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
*******************************
DDS.txt
*******************************
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Loretta at 12:08:55 on 2011-05-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.665 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Loretta\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\loretta\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.16/uploader2.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://69.109.88.238:85/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://expresspay.webex.com/client/T26L/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-4-12 77004]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-19 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-19 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c99b7427268e28;Google Update Service (gupdate1c99b7427268e28);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-26 16:53:54 -------- d--h--w- c:\users\loretta\appdata\roaming\Malwarebytes
2011-05-26 16:53:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 16:53:32 -------- d--h--w- c:\programdata\Malwarebytes
2011-05-26 16:53:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 16:53:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:50:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72ad9ce0-cad5-4509-abe2-5eb494bbafc7}\mpengine.dll
2011-05-24 22:17:29 738182 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-20 17:03:56 -------- d--h--w- c:\windows\system32\Logs
2011-05-12 10:01:26 -------- d--h--w- C:\38ac5c000b2bf71db2
2011-05-11 19:08:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-27 00:47:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:47:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
.
==================== Find3M ====================
.
2011-05-05 16:12:41 243152 ---ha-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 12:09:34.51 ===============
**********************************
Attach.txt from DDS
**********************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/12/2008 10:18:42 AM
System Uptime: 5/26/2011 11:06:35 AM (1 hours ago)
.
Motherboard: ECS | | Nettle2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2400/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 326 GiB total, 268.457 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.196 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 9.4.4
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audible Download Manager
Avery Wizard 3.1
AVG Free 9.0
Bing Bar
Bing Rewards Client Installer
BnPrintManagerSetup
Bonjour
Britannia Version 5
Brother Extensions for Paperport
Definition update for Microsoft Office 2010 (KB982726)
deskPDF 2.5 Standard Edition
Docudesk GPL Ghostscript 8.15
DYMO Label Software
DYMO LabelWriter Drivers
DYMO Stamps
Enhanced Multimedia Keyboard Solution
Evolution Remote
Evolution Remote Help
Glary Utilities 2.30.0.1066
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
hp deskjet 3600
HP Easy Setup - Frontend
HP Memories Disc
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
hp print screen utility
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.8.15.1
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works
MobileMe Control Panel
Money Coach
Move Networks Media Player for Internet Explorer
MozyHome
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Netflix Movie Viewer
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
PaperPort 8.0 SE
ParetoLogic Privacy Controls
PSSWCORE
Python 2.5
Quicken 2006
Quicken Legal Business Pro 2009
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Shipping Assistant 3.6
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
TurboTax 2008 wcasbpm
TurboTax 2008 WinBizFedFormset
TurboTax 2008 WinBizProgramHelp
TurboTax 2008 WinBizReleaseEngine
TurboTax 2008 WinBizTaxSupport
TurboTax 2008 WinBizUserEducation
TurboTax 2008 wrapper
TurboTax 2009 wcasbpm
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 wrapper
TurboTax 2010 wcasbpm
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 wrapper
TurboTax Business 2007
TurboTax Business 2008
TurboTax Business 2009
TurboTax Business 2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VideoToolkit01
WeatherBug Gadget
WebEx
Windows Live ID Sign-in Assistant
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
ZTERM 2000
.
==== Event Viewer Messages From Past Week ========
.
5/26/2011 10:20:37 AM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
5/25/2011 5:16:06 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp deskjet 3600 series (LIDIL) with shared resource name hp deskjet 3600 series (LIDIL). Error 2114. The printer cannot be used by others on the network.
5/25/2011 4:28:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
5/24/2011 4:37:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/24/2011 3:12:10 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
5/20/2011 10:03:36 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document ARNet Document, owned by Loretta, failed to print on printer FaxPrinter. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 92324. Total number of pages in the document: 1. Number of pages printed: 2. Client computer: \\LORETTA-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
5/20/2011 10:02:15 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/19/2011 12:03:10 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
5/19/2011 12:03:10 AM, Error: Ntfs [137] - The default transaction resource manager on volume HP encountered a non-retryable error and could not start. The data contains the error code.
.
==== End Of File ===========================
First thank you for your help. I am currently trying to remove the Windows Vista Recovery Virus/Malware. I have followed the steps 7 step viruses/spyware/malware preliminary removal instructions. I have ran Malwarebytes and have removed 6 corrupted files. I ran GMER and DDS. I still cannot view any icons in my start menu but the windows vista recovery window and the constant hard drive fail errors no longer appear. Please let me know what I can do to get rid of this monster. Thank you for your help!
Malwarebytes anti malware log:
------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6686
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
5/26/2011 11:05:17 AM
mbam-log-2011-05-26 (11-05-17).txt
Scan type: Quick scan
Objects scanned: 194562
Time elapsed: 17 minute(s), 42 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
c:\programdata\yimjvskpkyoa.exe (Trojan.FakeAlert) -> 3520 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yiMjvSkpKyOa (Trojan.FakeAlert) -> Value: yiMjvSkpKyOa -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\programdata\yimjvskpkyoa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\34070264.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Loretta\AppData\Local\Temp\Low\tmp4003.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
******************************************
GMER Log
******************************************
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-26 12:07:39
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000004f ST336032 rev.3.CH
Running: w6z0ke6c.exe; Driver: C:\Users\Loretta\AppData\Local\Temp\fwliafow.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\drivers\kqjux.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D209340, 0x3500C7, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BC8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C09855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BCB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BBFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BC7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BBEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BFB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BCBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BC0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BC06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BB71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C4D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BE7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BBE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BB697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BB69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BC2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73BC8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73C09855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73BCB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73BBFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73BC7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73BBEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BFB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73BCBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73BC0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73BC06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73BB71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73C4D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73BE7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73BBE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73BB697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73BB69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[3704] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73BC2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
*******************************
DDS.txt
*******************************
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Loretta at 12:08:55 on 2011-05-26
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.665 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Loretta\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://my.yahoo.com/
mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\loretta\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/55.16/uploader2.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://69.109.88.238:85/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://expresspay.webex.com/client/T26L/training/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-4-12 77004]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-19 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-19 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c99b7427268e28;Google Update Service (gupdate1c99b7427268e28);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-26 16:53:54 -------- d--h--w- c:\users\loretta\appdata\roaming\Malwarebytes
2011-05-26 16:53:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 16:53:32 -------- d--h--w- c:\programdata\Malwarebytes
2011-05-26 16:53:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 16:53:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 00:50:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72ad9ce0-cad5-4509-abe2-5eb494bbafc7}\mpengine.dll
2011-05-24 22:17:29 738182 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-20 17:03:56 -------- d--h--w- c:\windows\system32\Logs
2011-05-12 10:01:26 -------- d--h--w- C:\38ac5c000b2bf71db2
2011-05-11 19:08:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-27 00:47:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:47:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
.
==================== Find3M ====================
.
2011-05-05 16:12:41 243152 ---ha-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 12:09:34.51 ===============
**********************************
Attach.txt from DDS
**********************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/12/2008 10:18:42 AM
System Uptime: 5/26/2011 11:06:35 AM (1 hours ago)
.
Motherboard: ECS | | Nettle2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2400/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 326 GiB total, 268.457 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.196 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Connect Add-in
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 9.4.4
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audible Download Manager
Avery Wizard 3.1
AVG Free 9.0
Bing Bar
Bing Rewards Client Installer
BnPrintManagerSetup
Bonjour
Britannia Version 5
Brother Extensions for Paperport
Definition update for Microsoft Office 2010 (KB982726)
deskPDF 2.5 Standard Edition
Docudesk GPL Ghostscript 8.15
DYMO Label Software
DYMO LabelWriter Drivers
DYMO Stamps
Enhanced Multimedia Keyboard Solution
Evolution Remote
Evolution Remote Help
Glary Utilities 2.30.0.1066
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
hp deskjet 3600
HP Easy Setup - Frontend
HP Memories Disc
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
hp print screen utility
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.8.15.1
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works
MobileMe Control Panel
Money Coach
Move Networks Media Player for Internet Explorer
MozyHome
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Netflix Movie Viewer
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
PaperPort 8.0 SE
ParetoLogic Privacy Controls
PSSWCORE
Python 2.5
Quicken 2006
Quicken Legal Business Pro 2009
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Shipping Assistant 3.6
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
TurboTax 2008 wcasbpm
TurboTax 2008 WinBizFedFormset
TurboTax 2008 WinBizProgramHelp
TurboTax 2008 WinBizReleaseEngine
TurboTax 2008 WinBizTaxSupport
TurboTax 2008 WinBizUserEducation
TurboTax 2008 wrapper
TurboTax 2009 wcasbpm
TurboTax 2009 WinBizFedFormset
TurboTax 2009 WinBizReleaseEngine
TurboTax 2009 WinBizTaxSupport
TurboTax 2009 wrapper
TurboTax 2010 wcasbpm
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 wrapper
TurboTax Business 2007
TurboTax Business 2008
TurboTax Business 2009
TurboTax Business 2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VideoToolkit01
WeatherBug Gadget
WebEx
Windows Live ID Sign-in Assistant
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
ZTERM 2000
.
==== Event Viewer Messages From Past Week ========
.
5/26/2011 10:20:37 AM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
5/25/2011 5:16:06 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp deskjet 3600 series (LIDIL) with shared resource name hp deskjet 3600 series (LIDIL). Error 2114. The printer cannot be used by others on the network.
5/25/2011 4:28:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
5/24/2011 4:37:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/24/2011 3:12:10 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
5/20/2011 10:03:36 AM, Error: Microsoft-Windows-PrintSpooler [6161] - The document ARNet Document, owned by Loretta, failed to print on printer FaxPrinter. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 92324. Total number of pages in the document: 1. Number of pages printed: 2. Client computer: \\LORETTA-PC. Win32 error code returned by the print processor: 0. The operation completed successfully.
5/20/2011 10:02:15 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/19/2011 12:03:10 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
5/19/2011 12:03:10 AM, Error: Ntfs [137] - The default transaction resource manager on volume HP encountered a non-retryable error and could not start. The data contains the error code.
.
==== End Of File ===========================