Inactive Heur.dropper - some questions

Status
Not open for further replies.
Hi,

I'm running an Emachine netbook. My AVG antivirus has been reporting Heur.dropper. I only got around to installing an antivirus the other day (bad of me, I know), and on the first scan (immediately after installation) it found both heur and heur.dropper in with the games bundled with my computer. The reported files were all .exes. Some of the reported infected files were listed as \Bejeweled 2 Deluxe\Bejeweled2-WT.exe:\Bejeweled2-WT.exe or similar, sometimes with more 'layers' of 'Bejeweled2-WT.exe:\'.


Now, however, I get AVG Resident Shield telling me

Virus found Win32/Heur.dropper;"c:\System Volume Information\_restore{9561038E-7CA9-48D1-83A3-3C1B9D4500B0}\RP18\A0017099.exe";"Deleted";"06/07/2011, 20:55:08";"file";"C:\WINDOWS\system32\svchost.exe"


I don't have time to 'clean' this computer right now - it'll have to wait.

My only immediate concerns are:

Will this virus transfer to other computers attached to my home network?
Am I in danger of my personal information being stolen?

It's very hard to find decent information about what this virus (if it is a virus and not just a false positive) actually does.
 
Actually, there is quite a lot of information available about this malware. The name is Win32/Heur. The entry you left shows it's in the System Volume. This is where the System Restore points are kept. If this is the only entry, then Win32/Heur isn't active in the system. However, if you do a System Restore and you happen to use this restore point, you can infect the system again.

But the location is of considerable concern: "C:\WINDOWS\system32\svchost.exe". There is a file infector that will sometimes present as Win32/Heur, when in fact it could be Virut.

You can get all of this information by searching for it. I can only give you generalities. And you can look in AVG forums for this well-known entry. The only way to be sure the system is clean is to see what's on it.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
==============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    ◦ Don't use any other cleaning programs or scans while I'm helping you.
    ◦ Don't use a Registry cleaner or make any changes in the Registry.
    ◦ Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
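Added example (not part of either poster's message and not AVG's own tooling): a small triage script for Resident Shield records like the one quoted in the question, separating detections that sit inside a System Restore store from detections on live files, which is the distinction the reply above draws. The field names are assumptions inferred from the order of the quoted line, and the second sample record is constructed with a placeholder path.

```python
import csv
import io
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches objects stored inside an XP System Restore store, e.g.
#   c:\System Volume Information\_restore{GUID}\RP18\A0017099.exe
RESTORE_STORE = re.compile(
    r"^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]{36}\}\\RP(\d+)\\",
    re.IGNORECASE,
)

# First record: the line quoted in the thread. Second record: constructed.
SAMPLE = r'''Virus found Win32/Heur.dropper;"c:\System Volume Information\_restore{9561038E-7CA9-48D1-83A3-3C1B9D4500B0}\RP18\A0017099.exe";"Deleted";"06/07/2011, 20:55:08";"file";"C:\WINDOWS\system32\svchost.exe"
Virus found Win32/Heur;"C:\Program Files\ExampleGame\example.exe";"Deleted";"06/07/2011, 21:02:40";"file";"C:\WINDOWS\Explorer.EXE"
'''


@dataclass(frozen=True)
class Detection:
    # Field names are assumptions based on the order in the quoted record.
    name: str                     # detection name, e.g. Win32/Heur.dropper
    object_path: str              # file the scanner flagged
    result: str                   # action taken, e.g. Deleted
    when: str                     # timestamp as printed by the scanner
    object_type: str              # e.g. file
    process: str                  # last field of the record
    restore_point: Optional[int]  # RP number if the object is in a restore store


def parse_records(text: str) -> List[Detection]:
    """Parse semicolon-separated, double-quoted Resident Shield records."""
    detections = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"')
    for row in reader:
        if len(row) != 6:
            continue  # blank or malformed line
        name = row[0]
        prefix = "Virus found "
        if name.startswith(prefix):
            name = name[len(prefix):]
        match = RESTORE_STORE.match(row[1])
        rp = int(match.group(1)) if match else None
        detections.append(Detection(name, row[1], row[2], row[3], row[4], row[5], rp))
    return detections


def triage(d: Detection) -> str:
    """Classify a detection by where the flagged object lives."""
    if d.restore_point is not None:
        # A copy kept by System Restore: not running, but it comes back
        # if that restore point is ever used.
        return "restore-point copy"
    return "live file"


def restore_points_to_avoid(detections: List[Detection]) -> List[int]:
    """Restore point numbers that held a flagged object."""
    return sorted({d.restore_point for d in detections if d.restore_point is not None})


if __name__ == "__main__":
    records = parse_records(SAMPLE)
    for rec in records:
        print(f"{rec.name:20} {triage(rec):20} {rec.object_path}")
    print("Restore points holding flagged objects:", restore_points_to_avoid(records))
```

A record classified as a restore-point copy says nothing about the rest of the disk; any live-file record still needs the full scans requested in the reply.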
 
All of the info I could find on the Heur online was either a) badly written (so I wasn't sure if the information was being supplied just to scam me into buying an untrustworthy antivirus) or was b) conflicting (sometimes suggesting that the virus was a false positive, sometimes suggesting that it was very dangerous).


Thanks! I'll get the logs to you soon.

What do you think about my other questions - what IS the virus (Trojan/Worm, etc)?
Will it have been transferred to other computers in my home?

The computers are connected via a 4-port network switch (or hub, I'm not sure of the correct terminology). This 4 port hub then connects to the 1 port internet router.

I'm running a scan with Vipre on the computer that I'm worried the virus might have transferred to - if this scan doesn't show up with any Heur infections, do I need to worry about it?
 
I do not have enough information to answer your questions. Don't use a flash drive between the computers on the network. If it is connected to a computer with an infection, or if the flash drive itself has been infected, malware can spread to other computers.

The Win32/Heur problem is often discussed in the AVG forums. It can be either a sign of additional malware or a false positive. AVG has put out some updates causing the FP. But I don't have the information to determine that.

I cannot tell you if it's a virus or worm. I cannot tell you if it's been transferred. I cannot mind read your system whether you need to worry if nothing shows up!!!!

Give me some logs to start with!
 
I have a couple of notes about these logs:

The steps here:

1. Double click on the DDS icon, allow it to run.
2. A small box will open, with an explanation about the tool. No input is needed, the scan is running.
3. Notepad will open with the results, click no to the Optional_Scan
4. Follow the instructions that pop up for posting the results.
5. When done, DDS will open two (2) logs:
    ◦ DDS.txt
    ◦ Attach.txt
6. Close the program window.
7. Enable your Antivirus protection and reconnect to the internet.

Didn't happen as described - when I did them it simply opened the CMD window with the script inside, then closed that and opened the pop up where I had to click 'OK', then it opened my logs - there was no 'Optional_Scan' or anything like that. Is that 'ok'?

Also, for my GMER 'quick scan' all it did was open the program window and there were file-names flashing down in the status bar. 30 seconds later there was no more text in that status-bar down the bottom, and I had some 'results'. Is that how the 'quick scan' works?



Regardless, here are my logs:


Malware Bytes
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7038

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/07/2011 7:09:43 p.m.
mbam-log-2011-07-07 (19-09-43).txt

Scan type: Quick scan
Objects scanned: 185138
Time elapsed: 28 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\compaq_owner.sue\my documents\downloads\guffins(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner.sue\my documents\downloads\Guffins.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner.sue\my documents\downloads\webfetti(2).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner.sue\my documents\downloads\Webfetti.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_owner.sue\local settings\Temp\1hxb02kp.exe.part (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Gmer
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-07 19:27:50
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-60LSA0 rev.07.01D07
Running: jl5wu7rt.exe; Driver: C:\DOCUME~1\COMPAQ~1.SUE\LOCALS~1\Temp\ugldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)

---- EOF - GMER 1.0.15 ----



DDS Log
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Compaq_Owner at 19:52:23 on 2011-07-07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2238.1541 [GMT 12:00]
.
AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Everyday Auto Backup\AutoBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_NZ&c=Q405&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q405&bd=presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_NZ&c=Q405&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q405&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q405&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_NZ&c=Q405&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_NZ&c=Q405&bd=presario&pf=desktop
mSearchAssistant = hxxp://search.live.com/sphome.aspx
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Everyday Auto Backup] c:\program files\everyday auto backup\AutoBackup.exe /1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0\bin\jusched.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUwA0ADcAWQAtADgAMgBIAFQAOAAtAEcATwBOAFYAQQAtAEIAVgBFAEQANwAtAEQARQBNAEIAUgA"&"inst=NwA2AC0ANQAxADIAOQAyADMAMAA4ADAALQBVADkAMAArADEALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AA"&"prod=54"&"ver=9.0.872
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi699f~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
TCP: Interfaces\{76A44A5B-357E-45D2-85FD-37632C935727} : DhcpNameServer = 15.243.128.51 15.243.160.51
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner.sue\application data\mozilla\firefox\profiles\8k7jmyjh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\compaq_owner.sue\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ubiquity: ubiquity@labs.mozilla.com - %profile%\extensions\ubiquity@labs.mozilla.com
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-1-22 21464]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-1-22 331992]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-1-22 212568]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-4 54752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-7 366640]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-8-20 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-1-22 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-7 22712]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-1-22 68696]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-7 39984]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2011-1-22 68696]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-1-22 94040]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
=============== Created Last 30 ================
.
2011-07-07 06:22:51 -------- d-----w- c:\documents and settings\compaq_owner.sue\application data\Malwarebytes
2011-07-07 06:22:43 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 06:22:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-07 06:22:39 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 06:22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 06:05:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 19:59:22 1409 ----a-w- c:\windows\QTFont.for
.
==================== Find3M ====================
.
.
============= FINISH: 19:52:39.85 ===============


DDS Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 14/07/2009 4:27:48 p.m.
System Uptime: 7/07/2011 7:11:17 p.m. (0 hours ago)
.
Motherboard: MSI | | AMETHYST-M
Processor: AMD Sempron(tm) Processor 3200+ | Socket 939 | 1790/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 11.236 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.941 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP464: 10/04/2011 8:00:47 p.m. - System Checkpoint
RP465: 12/04/2011 7:06:40 p.m. - System Checkpoint
RP466: 14/04/2011 10:25:43 a.m. - System Checkpoint
RP467: 15/04/2011 9:42:06 p.m. - System Checkpoint
RP468: 16/04/2011 11:08:50 a.m. - Software Distribution Service 3.0
RP469: 16/04/2011 2:53:07 p.m. - Software Distribution Service 3.0
RP470: 17/04/2011 3:11:49 p.m. - System Checkpoint
RP471: 18/04/2011 3:40:29 p.m. - System Checkpoint
RP472: 21/04/2011 10:41:20 a.m. - Software Distribution Service 3.0
RP473: 22/04/2011 9:09:43 p.m. - System Checkpoint
RP474: 24/04/2011 8:41:37 a.m. - System Checkpoint
RP475: 27/04/2011 11:39:37 a.m. - System Checkpoint
RP476: 28/04/2011 11:30:27 p.m. - Software Distribution Service 3.0
RP477: 30/04/2011 1:27:01 p.m. - System Checkpoint
RP478: 1/05/2011 4:44:18 p.m. - System Checkpoint
RP479: 3/05/2011 9:46:24 a.m. - System Checkpoint
RP480: 4/05/2011 1:46:24 p.m. - System Checkpoint
RP481: 6/05/2011 10:34:53 a.m. - System Checkpoint
RP482: 7/05/2011 4:11:28 p.m. - System Checkpoint
RP483: 9/05/2011 5:41:23 p.m. - System Checkpoint
RP484: 10/05/2011 9:18:03 p.m. - System Checkpoint
RP485: 12/05/2011 11:21:46 a.m. - System Checkpoint
RP486: 12/05/2011 9:20:28 p.m. - Software Distribution Service 3.0
RP487: 15/05/2011 6:29:01 p.m. - Unsigned driver install
RP488: 16/05/2011 7:43:56 p.m. - System Checkpoint
RP489: 18/05/2011 8:09:40 p.m. - System Checkpoint
RP490: 20/05/2011 6:23:28 p.m. - System Checkpoint
RP491: 23/05/2011 8:23:02 p.m. - System Checkpoint
RP492: 24/05/2011 9:05:09 p.m. - System Checkpoint
RP493: 26/05/2011 8:08:16 a.m. - System Checkpoint
RP494: 27/05/2011 11:36:22 a.m. - System Checkpoint
RP495: 28/05/2011 2:18:31 p.m. - System Checkpoint
RP496: 29/05/2011 5:29:53 p.m. - System Checkpoint
RP497: 31/05/2011 3:44:26 p.m. - System Checkpoint
RP498: 1/06/2011 9:37:10 p.m. - System Checkpoint
RP499: 3/06/2011 12:16:50 p.m. - System Checkpoint
RP500: 5/06/2011 9:42:26 p.m. - System Checkpoint
RP501: 8/06/2011 11:14:04 a.m. - System Checkpoint
RP502: 9/06/2011 6:47:55 p.m. - System Checkpoint
RP503: 10/06/2011 7:18:14 p.m. - System Checkpoint
RP504: 11/06/2011 7:53:41 p.m. - System Checkpoint
RP505: 14/06/2011 10:23:21 p.m. - System Checkpoint
RP506: 15/06/2011 11:18:58 p.m. - System Checkpoint
RP507: 16/06/2011 12:04:23 a.m. - Software Distribution Service 3.0
RP508: 18/06/2011 6:37:28 a.m. - System Checkpoint
RP509: 20/06/2011 7:49:16 p.m. - System Checkpoint
RP510: 21/06/2011 8:35:50 p.m. - System Checkpoint
RP511: 23/06/2011 7:29:24 a.m. - System Checkpoint
RP512: 24/06/2011 12:17:33 p.m. - System Checkpoint
RP513: 24/06/2011 12:51:18 p.m. - Unsigned driver install
RP514: 25/06/2011 6:27:31 p.m. - System Checkpoint
RP515: 26/06/2011 6:29:39 p.m. - System Checkpoint
RP516: 27/06/2011 7:28:24 p.m. - System Checkpoint
RP517: 28/06/2011 7:58:03 p.m. - System Checkpoint
RP518: 30/06/2011 12:11:28 p.m. - System Checkpoint
RP519: 1/07/2011 3:35:06 p.m. - System Checkpoint
RP520: 3/07/2011 9:28:50 p.m. - System Checkpoint
RP521: 5/07/2011 9:49:03 p.m. - System Checkpoint
RP522: 7/07/2011 9:31:22 a.m. - System Checkpoint
.
==== Installed Programs ======================
.
1400
1400_Help
1400Trb
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
ATI Control Panel
ATI Display Driver
BufferChm
Compaq Connections (remove only)
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
DeviceManagementQFolder
Digitalmax PhotoStyler Version 3.01
DocProc
Easy Internet Sign-up
eSupportQFolder
Everyday Auto Backup 2.0
Facebook Plug-In
Fax
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
HpSdpAppCoreApp
iTunes
J2SE Runtime Environment 5.0
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.18)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NewCopy
PC-Doctor 5 for Windows
ProductContext
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
Readme
RealPlayer
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Segoe UI
Shockwave
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Status
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VIPRE Antivirus Premium
VLC media player 1.1.0
WebFldrs XP
WebReg
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
.
==== Event Viewer Messages From Past Week ========
.
7/07/2011 9:08:29 a.m., error: MRxSmb [8003] - The master browser has received a server announcement from the computer BALLOON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3181B205-21BF-4682-9. The master browser is stopping or an election is being forced.
7/07/2011 7:21:34 p.m., error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/07/2011 7:12:01 p.m., error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde TfFsMon TFSysMon ViaIde
3/07/2011 6:13:31 p.m., error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
.
==== End Of File ===========================


Thanks so much for the help!
 