Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

w key redirects to hp.desktop.aol.com

Started by clb42 , May 06 2010 09:23 PM

  • Please log in to reply

#1
clb42
Posted 06 May 2010 - 09:23 PM

clb42

    New Member

  • Member
  • Pip
  • 6 posts
when i press the w key it tries to redirect to hp.desktop.aol.com, opens windows media player, opens ie, and opens help and support. avg9 and defender do not detect anything. i have done TFC, Erunt, MBAM, GMER, and OTL.

Here is MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4073

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/6/2010 6:30:13 PM
mbam-log-2010-05-06 (18-30-13).txt

Scan type: Quick scan
Objects scanned: 143953
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-06 21:18:08
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Charles\AppData\Local\Temp\awldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8CE00340, 0x3DA8C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!SetWindowsHookExW 75E487AD 5 Bytes JMP 70759A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!CallNextHookEx 75E48E3B 5 Bytes JMP 7074D101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!UnhookWindowsHookEx 75E498DB 5 Bytes JMP 706C466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!CreateWindowExW 75E51305 5 Bytes JMP 7075DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!DialogBoxParamW 75E710B0 5 Bytes JMP 70685505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!DialogBoxIndirectParamW 75E72EF5 5 Bytes JMP 7085473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!DialogBoxParamA 75E88152 5 Bytes JMP 708546DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!DialogBoxIndirectParamA 75E8847D 5 Bytes JMP 708547A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!MessageBoxIndirectA 75E9D4D9 5 Bytes JMP 70854671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!MessageBoxIndirectW 75E9D5D3 5 Bytes JMP 70854606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!MessageBoxExA 75E9D639 5 Bytes JMP 708545A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] USER32.dll!MessageBoxExW 75E9D65D 5 Bytes JMP 70854542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] ole32.dll!OleLoadFromStream 75F01E12 5 Bytes JMP 70854AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2636] ole32.dll!CoCreateInstance 75F39EA6 5 Bytes JMP 7075DB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!CreateWindowExW 75E51305 5 Bytes JMP 7075DAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxParamW 75E710B0 5 Bytes JMP 70685505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxIndirectParamW 75E72EF5 5 Bytes JMP 7085473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxParamA 75E88152 5 Bytes JMP 708546DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!DialogBoxIndirectParamA 75E8847D 5 Bytes JMP 708547A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxIndirectA 75E9D4D9 5 Bytes JMP 70854671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxIndirectW 75E9D5D3 5 Bytes JMP 70854606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxExA 75E9D639 5 Bytes JMP 708545A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3988] USER32.dll!MessageBoxExW 75E9D65D 5 Bytes JMP 70854542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Here is OTL.TXT:
OTL logfile created on: 5/6/2010 9:23:42 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charles\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458.69 Gb Total Space | 252.42 Gb Free Space | 55.03% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.87 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRYAN2
Current User Name: Charles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 21:21:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
PRC - [2010/05/05 17:52:12 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/05 17:52:08 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/05 17:52:07 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/05 17:52:05 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/05 17:50:59 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/05 17:50:56 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/08/20 21:06:03 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 01:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/25 20:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 20:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/15 12:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/20 06:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/10/12 16:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 21:21:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
MOD - [2010/05/05 17:52:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/05/05 17:52:05 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/12/01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 20:38:24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/05/05 17:52:10 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/05 17:52:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/05 17:50:59 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/01/26 17:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 17:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/01/06 12:07:10 | 002,261,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/04 12:34:34 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/05/22 22:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/28 23:44:04 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/10/26 19:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/31 19:58:20 | 000,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/05/04 02:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Charles\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Charles\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/01 12:24:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/01/24 02:08:42 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/06 21:21:27 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2010/05/06 20:56:15 | 000,000,000 | ---D | C] -- C:\Users\Charles\Desktop\gmer
[2010/05/06 20:19:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/06 20:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/06 20:16:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Charles\Desktop\erunt_setup.exe
[2010/05/06 20:00:21 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Charles\Desktop\TFC.exe
[2010/05/06 18:17:39 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\Malwarebytes
[2010/05/06 18:16:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/06 18:16:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/06 18:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/06 18:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/06 18:14:12 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Charles\Desktop\mbam-setup-1.46.exe
[2010/05/06 01:07:20 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\AVG9
[2010/05/05 17:52:07 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/05 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/04/03 07:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/03 07:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/24 20:45:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/24 20:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/02/24 19:59:06 | 080,328,144 | ---- | C] (AVG Technologies) -- C:\Users\Charles\Desktop\avg_free_stf_en_90_730a1834.exe

========== Files - Modified Within 90 Days ==========

[2010/05/06 21:22:37 | 003,145,728 | -HS- | M] () -- C:\Users\Charles\NTUSER.DAT
[2010/05/06 21:21:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2010/05/06 21:13:51 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6FA36427-5A85-43EC-849B-42A43412067C}.job
[2010/05/06 20:55:43 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/06 20:55:43 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/06 20:55:43 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/06 20:55:26 | 000,284,915 | ---- | M] () -- C:\Users\Charles\Desktop\gmer.zip
[2010/05/06 20:50:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/05/06 20:50:40 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 20:50:40 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 20:50:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/06 20:50:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/06 20:50:21 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 20:50:19 | 227,008,057 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/06 20:17:54 | 000,000,735 | ---- | M] () -- C:\Users\Charles\Desktop\NTREGOPT.lnk
[2010/05/06 20:17:54 | 000,000,716 | ---- | M] () -- C:\Users\Charles\Desktop\ERUNT.lnk
[2010/05/06 20:16:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Charles\Desktop\erunt_setup.exe
[2010/05/06 20:11:41 | 000,524,288 | -HS- | M] () -- C:\Users\Charles\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 20:11:41 | 000,065,536 | -HS- | M] () -- C:\Users\Charles\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/06 20:03:49 | 059,653,055 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/06 20:00:24 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\TFC.exe
[2010/05/06 18:16:56 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 18:14:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Charles\Desktop\mbam-setup-1.46.exe
[2010/05/06 01:28:59 | 002,046,903 | -H-- | M] () -- C:\Users\Charles\AppData\Local\IconCache.db
[2010/05/05 17:52:10 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/05 17:52:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/05 17:52:07 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/05 17:50:59 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/04 21:31:30 | 000,002,595 | ---- | M] () -- C:\Users\Charles\Desktop\Microsoft Word.lnk
[2010/05/01 20:33:56 | 000,347,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/15 21:10:47 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/24 21:17:11 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/02/24 20:45:03 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/02/24 20:44:55 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/02/24 20:09:20 | 004,123,589 | ---- | M] () -- C:\Users\Charles\Desktop\avg 9 free user manual.pdf
[2010/02/24 19:59:13 | 080,328,144 | ---- | M] (AVG Technologies) -- C:\Users\Charles\Desktop\avg_free_stf_en_90_730a1834.exe
[2010/02/24 19:36:44 | 000,091,816 | ---- | M] () -- C:\Users\Charles\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/22 22:09:09 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2010/05/06 20:55:13 | 000,284,915 | ---- | C] () -- C:\Users\Charles\Desktop\gmer.zip
[2010/05/06 20:31:17 | 227,008,057 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/06 20:17:54 | 000,000,735 | ---- | C] () -- C:\Users\Charles\Desktop\NTREGOPT.lnk
[2010/05/06 20:17:54 | 000,000,716 | ---- | C] () -- C:\Users\Charles\Desktop\ERUNT.lnk
[2010/05/06 18:16:56 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/17 07:37:46 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/02/24 20:45:03 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/02/24 20:09:20 | 004,123,589 | ---- | C] () -- C:\Users\Charles\Desktop\avg 9 free user manual.pdf
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/27 19:23:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/20 22:52:35 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2009/02/20 21:23:07 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/02/20 21:18:19 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV500P.ini
[2009/01/10 13:28:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/01 12:12:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/01 12:07:55 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/08/01 12:07:55 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/01/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 01:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 01:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2010/05/06 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\AVG9
[2009/01/16 22:19:19 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/02/20 23:11:31 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\EPSON
[2009/08/20 19:47:29 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Image Zone Express
[2009/02/20 21:24:36 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Leadertech
[2009/01/24 02:21:54 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Printer Info Cache
[2009/01/09 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Template
[2009/01/09 01:33:50 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\WildTangent
[2009/01/16 22:51:16 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\WinBatch
[2010/05/06 20:11:28 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/06 21:13:51 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6FA36427-5A85-43EC-849B-42A43412067C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/08/01 12:24:10 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/08/01 12:58:19 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/10/12 18:16:33 | 000,000,064 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/05/06 20:50:21 | 2011,750,400 | -HS- | M] () -- C:\hiberfil.sys
[2007/10/08 14:40:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/10/08 14:40:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/06 20:50:19 | 2325,553,152 | -HS- | M] () -- C:\pagefile.sys
[2009/01/15 20:50:50 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2007/10/08 14:53:26 | 000,457,796 | ---- | M] () -- C:\testlog.html
[2009/01/15 20:54:08 | 000,000,674 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/05 17:50:59 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/05 17:52:07 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/05 17:52:10 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 15:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 06:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 06:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 06:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 09:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 06:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
< End of report >

Here is Extras.Txt:
OTL Extras logfile created on: 5/6/2010 9:23:42 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charles\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458.69 Gb Total Space | 252.42 Gb Free Space | 55.03% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.87 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRYAN2
Current User Name: Charles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2873783B-A5D7-44CB-B920-6862CA401CD5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{39471807-8C5F-472E-99DA-59690200B522}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{64CE63B2-5A65-4399-96FE-F14AAD39B62B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{68CDEE3D-25D9-4EE6-A94D-8717F561F6C4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{76A29C0B-120D-4319-A0F8-803782CC955A}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{A2C0F4A7-ABB9-41FA-B7A0-4E411A75B5D2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A3FB589F-4A96-4D87-83B7-D62472EDE969}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E47F3BB0-61B8-48FF-A753-0E595C32E0BA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E538F093-490F-4601-A409-B84621E610C4}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{FDF98B39-83BC-4461-BBFE-DF6F2ED515EE}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"TCP Query User{03F0386A-DBD4-4A3D-B94E-771F2DEA106C}C:\program files\epson\scanner driver update\pfv500\e_dupa10.exe" = protocol=6 | dir=in | app=c:\program files\epson\scanner driver update\pfv500\e_dupa10.exe |
"TCP Query User{3E5D9C49-689E-4F3F-9B2B-89C760DFB936}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D958BD9C-7D38-4638-8FBF-E8DBAD8CFD44}C:\program files\epson\scanner driver update\pfv500\e_dupa10.exe" = protocol=17 | dir=in | app=c:\program files\epson\scanner driver update\pfv500\e_dupa10.exe |
"UDP Query User{F4C50098-698E-44E3-980F-4CB771BB273A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{16376CAE-A46A-40a5-BD8D-A272F690A2E0}" = 8200
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CE975D2-718E-465d-BBCB-8655F097C120}" = SF_CDD_Software
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{215C2536-35C7-4602-9612-A8833FBE0E20}" = SF_CDD_ProductContext
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{596A8F65-C705-4e68-B85E-CE0B45490712}" = HP Photosmart Appliance Printer Driver Software 8.0.D
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F992232D-9989-484f-8419-6D5CBD462615}" = 8200_Help
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATT-PRT22" = ATT-PRT22
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"Silent Package Run-Time Sample" = EPSON Perfection V500P User's Guide
"WildTangent hpdesktop Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2010 9:15:01 PM | Computer Name = Bryan2 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 10cc Start Time: 01cacecedf64382b Termination Time: 312

Error - 4/1/2010 2:31:07 PM | Computer Name = Bryan2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module mshtml.dll, version 7.0.6002.18167, time stamp 0x4b28c812,
exception code 0xc0000005, fault offset 0x000de852, process id 0x1574, application
start time 0x01cad1c89171efdb.

Error - 4/7/2010 7:27:07 PM | Computer Name = Bryan2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module mshtml.dll, version 7.0.6002.18226, time stamp 0x4b966c50,
exception code 0xc0000005, fault offset 0x000de822, process id 0x10f0, application
start time 0x01cad6a72f32a860.

Error - 4/7/2010 7:28:01 PM | Computer Name = Bryan2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module mshtml.dll, version 7.0.6002.18226, time stamp 0x4b966c50,
exception code 0xc0000005, fault offset 0x000de822, process id 0x1528, application
start time 0x01cad6a9daa71300.

Error - 4/7/2010 7:35:15 PM | Computer Name = Bryan2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module mshtml.dll, version 7.0.6002.18226, time stamp 0x4b966c50,
exception code 0xc0000005, fault offset 0x000de822, process id 0xe38, application
start time 0x01cad6aabaaa47cb.

Error - 4/7/2010 7:36:15 PM | Computer Name = Bryan2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module mshtml.dll, version 7.0.6002.18226, time stamp 0x4b966c50,
exception code 0xc0000005, fault offset 0x000de822, process id 0x688, application
start time 0x01cad6aafdc67c9b.

Error - 4/11/2010 8:26:53 AM | Computer Name = Bryan2 | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 10.0.6856.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1018 Start Time: 01cad971dc065aff Termination Time: 93

Error - 4/23/2010 2:08:31 PM | Computer Name = Bryan2 | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 10.0.6856.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b64 Start Time: 01cae30f8b3011e9 Termination Time: 15

Error - 4/27/2010 8:28:21 PM | Computer Name = Bryan2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module mshtml.dll, version 8.0.6001.18904, time stamp 0x4b837769,
exception code 0xc0000005, fault offset 0x00331b8a, process id 0x151c, application
start time 0x01cae669a3ab7024.

Error - 4/28/2010 6:29:51 PM | Computer Name = Bryan2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module mshtml.dll, version 8.0.6001.18904, time stamp 0x4b837769,
exception code 0xc0000005, fault offset 0x000b9b38, process id 0x16ac, application
start time 0x01cae7222a6c9f46.

[ Media Center Events ]
Error - 6/9/2009 8:40:29 AM | Computer Name = Bryan2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/20/2009 9:15:56 PM | Computer Name = Bryan2 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 9/19/2009 6:08:36 PM | Computer Name = Bryan2 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 9/25/2009 9:31:35 PM | Computer Name = Bryan2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/4/2010 7:17:04 PM | Computer Name = Bryan2 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 5/6/2010 9:14:26 PM | Computer Name = Bryan2 | Source = Service Control Manager | ID = 7022
Description =

Error - 5/6/2010 9:31:32 PM | Computer Name = Bryan2 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:29:37 PM on 5/6/2010 was unexpected.

Error - 5/6/2010 9:32:59 PM | Computer Name = Bryan2 | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2010 9:33:27 PM | Computer Name = Bryan2 | Source = Service Control Manager | ID = 7022
Description =

Error - 5/6/2010 9:44:24 PM | Computer Name = Bryan2 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:42:17 PM on 5/6/2010 was unexpected.

Error - 5/6/2010 9:45:57 PM | Computer Name = Bryan2 | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2010 9:46:25 PM | Computer Name = Bryan2 | Source = Service Control Manager | ID = 7022
Description =

Error - 5/6/2010 9:50:36 PM | Computer Name = Bryan2 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:48:17 PM on 5/6/2010 was unexpected.

Error - 5/6/2010 9:51:59 PM | Computer Name = Bryan2 | Source = Service Control Manager | ID = 7000
Description =

Error - 5/6/2010 9:53:00 PM | Computer Name = Bryan2 | Source = Service Control Manager | ID = 7022
Description =


< End of report >


Help greatly appreciated.
  • 0

Advertisements

#2
RKinner
Posted 07 May 2010 - 11:34 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Try uninstalling

"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator

Hot keys are what it does so it might have gotten confused.

Ron
  • 0

#3
clb42
Posted 07 May 2010 - 03:17 PM

clb42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks, I removed HP On-Screen Caps/Num/Scroll Lock Indicator
and was glad to have it gone, but the problem is still present.
Every time I press the "w" key, the following things happen:
1. I lose whatever document I am typing.
2. Windows Media player opens.
3. Internet Explorer homepage window opens.
4. An Internet Explorer window opens that asks me to allow an active x to redirect
to hp.desktop.aol.com. I have never allowed it.
5. Windows help and support Internet Explorer 8 at a glance opens.

Microsoft malicious software remover tool finds nothing. Windows Defender finds nothing.

AVG9 Virus scanner finds nothing.

Any additional suggestions will be greatly appreciated.

Thanks, Charles
  • 0

#4
RKinner
Posted 07 May 2010 - 03:39 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy this following line:

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /s > junk.txt

Start, Programs, Accessories then right click on Command Prompt and Run As Administrator to bring up a command window.

Right click and select Paste then hit Enter. Type (with an Enter after the line)

notepad junk.txt

Copy the text and paste it into a reply.

Ron
  • 0

#5
clb42
Posted 07 May 2010 - 05:27 PM

clb42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
thank you here are results:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout\DosKeybCodes
00000804 REG_SZ ch
00000408 REG_SZ gk
00010408 REG_SZ gk
00020408 REG_SZ gk
00050408 REG_SZ gk
0001041f REG_SZ tr
0000041f REG_SZ tr
00000423 REG_SZ us
00000402 REG_SZ bg
00000419 REG_SZ ru
00010419 REG_SZ ru
00000c1a REG_SZ us
00010c1a REG_SZ us
00000422 REG_SZ us
00010402 REG_SZ us
00020402 REG_SZ bg
00030402 REG_SZ bg
00020422 REG_SZ us
00000412 REG_SZ ko
00000425 REG_SZ et
00000426 REG_SZ us
00010426 REG_SZ us
00000427 REG_SZ us
00000411 REG_SZ jp
00000404 REG_SZ ch
0000041C REG_SZ us
0000041a REG_SZ yu
00000424 REG_SZ yu
00000405 REG_SZ cz
00010405 REG_SZ cz
0000040e REG_SZ hu
0001040e REG_SZ hu
00000415 REG_SZ pl
00010415 REG_SZ pl
00000418 REG_SZ ro
00010418 REG_SZ ro
00020418 REG_SZ ro
0000041b REG_SZ sl
0001041b REG_SZ sl
00000442 REG_SZ tk
00000813 REG_SZ be
0000080c REG_SZ be
00001009 REG_SZ us
00000c0c REG_SZ cf
00010c0c REG_SZ cf
00000406 REG_SZ dk
00000413 REG_SZ nl
0000040b REG_SZ su
0000040c REG_SZ fr
00000407 REG_SZ gr
00010407 REG_SZ gr
0000040f REG_SZ is
00001809 REG_SZ us
00000410 REG_SZ it
00010410 REG_SZ it
0000080a REG_SZ la
00000414 REG_SZ no
00000816 REG_SZ po
00000416 REG_SZ br
0000040a REG_SZ sp
0001040a REG_SZ sp
0000041d REG_SZ sv
0000100c REG_SZ sf
00000807 REG_SZ sg
00000809 REG_SZ uk
00010409 REG_SZ dv
00030409 REG_SZ usl
00040409 REG_SZ usr
00020409 REG_SZ us
00000409 REG_SZ us
00000452 REG_SZ uk
0000046e REG_SZ sf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout\DosKeybIDs
00010408 REG_SZ 220
00020408 REG_SZ 319
0001041f REG_SZ 440
0000041f REG_SZ 179
00010415 REG_SZ 214
00000442 REG_SZ 440
00000410 REG_SZ 141
00010410 REG_SZ 142

ank you here are results:
  • 0

#6
RKinner
Posted 07 May 2010 - 07:28 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Nothing odd there. Open the command window again and copy each entry in the code boxes and paste them by right click Paste then hit Enter. Tell me if you get something different than the text below each box:
reg query "HKEY_CURRENT_USER\Keyboard Layout" /s

HKEY_CURRENT_USER\Keyboard Layout\Preload
1 REG_SZ 00000409

HKEY_CURRENT_USER\Keyboard Layout\Substitutes

HKEY_CURRENT_USER\Keyboard Layout\Toggle

reg query "HKEY_USERS\.DEFAULT\Keyboard Layout\Preload" /s

HKEY_USERS\.DEFAULT\Keyboard Layout\Preload
1 REG_SZ 00000409


Right click on Computer and select Manage then Device Manager. In the right pane find Keyboards and hit the + in front to expand it.

What keyboard does it say? Mine says Standard PS/2 Keyboard.

Double click on Standard PS/2 Keyboard or whatever yours is to open it up. Select Drivers then Driver Details.

These are what mine has (after the c:\windows\system32\drivers)
i804prt.sys
kbdclass.sys

What do you have?

Go back to the Standard PS/2 Keyboard and right click and Delete then reboot. It will discover it again and reinstall it. Sometimes that will help.

If not go to Start, Settings, Control Panel, Keyboard. Do you have a Key Settings tab? If so, click on it and Restore Defaults.

Ron
  • 0

#7
clb42
Posted 07 May 2010 - 08:47 PM

clb42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Command box responses match yours.
Mine says enhanced multimedia PS/2 keyboard.
There is a third c:\windows\system32\drivers\PS2.sys The other 2 match yours. I also updated drivers to no avail.
Uninstalling, rebooting, and restoring defaults make no difference.
  • 0

#8
RKinner
Posted 07 May 2010 - 09:28 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Have you tried this
http://h10025.www1.h...product=3311651

Have you tried another keyboard? Or tried the keyboard on another PC?
Could be the w key is sending out the wrong info and is being mistaken for an F key.

See if you can remap the key using the software in post #3 of
http://www.vistax64....keys-vista.html

Ron
  • 0

#9
clb42
Posted 07 May 2010 - 09:56 PM

clb42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I did get the driver you mentioned--no luck. I'll try to bring home another keyboard from the office tomorrow. Thanks again, Charles
  • 0

#10
clb42
Posted 08 May 2010 - 01:53 PM

clb42

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
PROBLEM RESOLVED! I took the keyboard to the office. The office computer then had the exact same problem. It was the keyboard. Thank you very much for your time and effort.

Charles
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP