Windows blue screen crash



#1
ErikaP

About a week ago I got my first Windows crash and a blue screen. Here's what the first message said:

Blue Screen
BCCode be
BCP1 A20E7518
BCP2 737B6900
BCP3 CB9A8AAc
BCP4 0000000E
OS 6_0_6002
Service Pack 2_0
Product 768_1

Since then, I've been having random crashes with the blue screen, but the message is only there for a few seconds, not long enough for me to write it all down - it says something about if this is the first time I've seen the message that I should restart and then there's stop 0x000000008xe (or something like that - the blue screen's not up for long before the computer restarts). I've also had a few memory management errors, and when the computer tried to run a Startup Repair, I got a StartRep.exe error 0x1fcb993c. I've also seen IRQL_NOT_LESS_OR_EQUAL on a blue crash screen. I have Norton Antivirus and I renewed the subscription about a month ago. I have gotten a few Norton crash messages where it sounds like it's not updating correctly. I don't know if these are all related or not.

Here are the logs from the malware guide. My computer crashed and restarted several times while I was trying to run them all.

Malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4399

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/6/2010 10:25:29 AM
mbam-log-2010-08-06 (10-25-29).txt

Scan type: Quick scan
Objects scanned: 133660
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL.txt
OTL logfile created on: 8/6/2010 9:48:45 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Rose\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.57 Gb Total Space | 233.46 Gb Free Space | 80.90% Space Free | Partition Type: NTFS
Drive D: | 9.51 Gb Total Space | 1.29 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive F: | 552.56 Mb Total Space | 491.37 Mb Free Space | 88.93% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSE-PC
Current User Name: Rose
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/06 09:40:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
PRC - [2010/06/10 13:22:44 | 000,554,328 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/02 11:05:30 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2010/01/26 17:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/20 13:47:13 | 000,096,456 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\WSCStub.exe
PRC - [2009/08/21 23:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/26 19:14:45 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/19 00:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/01/15 09:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 08:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 04:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (SafeList) ==========

MOD - [2010/08/06 09:40:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/09 19:14:30 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/21 23:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/07/13 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/26 02:47:10 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 12:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100805.004\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/27 17:26:30 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/21 23:37:16 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/21 23:37:16 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/21 23:37:16 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/21 23:37:16 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/21 23:37:16 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/21 23:37:16 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/21 23:37:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/21 03:32:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 11:59:24 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2008/10/07 13:33:00 | 007,380,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/15 17:19:04 | 002,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/26 11:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/01 02:21:08 | 001,129,344 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/09/10 13:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/09/02 23:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/09/02 23:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ([]msn in Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rose\Pictures\Hoppity.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rose\Pictures\Hoppity.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/09 22:46:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/08/06 09:40:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
[2010/08/06 09:14:27 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\gmer
[2010/08/06 09:04:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/06 09:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/06 09:04:10 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Rose\Desktop\erunt_setup.exe
[2010/08/06 08:45:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rose\Desktop\TFC.exe
[2010/07/29 07:03:14 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Symantec
[2010/07/28 13:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/06/26 19:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/06/26 19:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/06/26 19:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2010/06/26 19:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2010/06/26 03:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[4 C:\Users\Rose\Documents\*.tmp files -> C:\Users\Rose\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/06 09:54:23 | 003,145,728 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT
[2010/08/06 09:51:22 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/06 09:51:21 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/06 09:51:21 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/06 09:45:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 09:45:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/06 09:45:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/06 09:45:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/06 09:44:59 | 3085,303,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/06 09:44:56 | 492,248,731 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/06 09:40:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
[2010/08/06 09:13:47 | 000,284,915 | ---- | M] () -- C:\Users\Rose\Desktop\gmer.zip
[2010/08/06 09:04:46 | 000,000,915 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/06 09:04:38 | 000,000,735 | ---- | M] () -- C:\Users\Rose\Desktop\NTREGOPT.lnk
[2010/08/06 09:04:38 | 000,000,716 | ---- | M] () -- C:\Users\Rose\Desktop\ERUNT.lnk
[2010/08/06 09:04:11 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Rose\Desktop\erunt_setup.exe
[2010/08/06 08:56:02 | 000,524,288 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/06 08:56:02 | 000,065,536 | -HS- | M] () -- C:\Users\Rose\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/06 08:45:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\TFC.exe
[2010/08/02 09:18:22 | 000,002,609 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/07/31 14:58:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/27 12:28:50 | 000,405,056 | ---- | M] () -- C:\Users\Rose\Desktop\lightsaber prototype.jpg
[2010/07/24 22:44:24 | 005,547,190 | ---- | M] () -- C:\Users\Rose\Documents\knitsabers pattern.pdf
[2010/07/24 22:03:34 | 000,467,451 | ---- | M] () -- C:\Users\Rose\Documents\Luke 12 inch saber pattern.pdf
[2010/07/24 17:30:30 | 000,150,621 | ---- | M] () -- C:\Users\Rose\Documents\overthemoonwrap.pdf
[2010/07/24 17:26:42 | 000,229,728 | ---- | M] () -- C:\Users\Rose\Documents\PlainWoolWrap.pdf
[2010/07/24 17:16:28 | 000,974,979 | ---- | M] () -- C:\Users\Rose\Documents\Felted_Baby_Yoda_Hat2.pdf
[2010/07/24 12:32:13 | 000,266,618 | ---- | M] () -- C:\Users\Rose\Desktop\inserts.jpg
[2010/07/24 12:31:52 | 000,481,250 | ---- | M] () -- C:\Users\Rose\Desktop\pocket trainers.jpg
[2010/07/21 03:40:10 | 000,002,607 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2010/06/27 15:22:58 | 000,038,400 | ---- | M] () -- C:\Users\Rose\Documents\budget.xls
[2010/06/26 19:55:23 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2010/06/18 13:25:38 | 000,432,571 | ---- | M] () -- C:\Users\Rose\Desktop\nectarine pie.jpg
[2010/06/11 03:23:26 | 000,455,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/07 19:40:59 | 000,526,848 | ---- | M] () -- C:\Users\Rose\Documents\fantasy silhouettes.doc
[2010/06/06 18:58:40 | 000,016,384 | ---- | M] () -- C:\Users\Rose\Documents\2010 trips.xls
[2010/05/30 13:54:30 | 000,779,502 | ---- | M] () -- C:\Users\Rose\Desktop\card tower.jpg
[2010/05/13 20:52:18 | 000,185,344 | ---- | M] () -- C:\Users\Rose\Documents\Stuffed cloth buttons.doc
[2010/05/10 13:10:13 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/05/09 13:51:03 | 000,019,456 | ---- | M] () -- C:\Users\Rose\Documents\foxtrot list.doc
[4 C:\Users\Rose\Documents\*.tmp files -> C:\Users\Rose\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/06 09:13:46 | 000,284,915 | ---- | C] () -- C:\Users\Rose\Desktop\gmer.zip
[2010/08/06 09:04:46 | 000,000,915 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/06 09:04:38 | 000,000,735 | ---- | C] () -- C:\Users\Rose\Desktop\NTREGOPT.lnk
[2010/08/06 09:04:38 | 000,000,716 | ---- | C] () -- C:\Users\Rose\Desktop\ERUNT.lnk
[2010/08/06 08:35:59 | 3085,303,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 14:58:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/27 12:28:48 | 000,405,056 | ---- | C] () -- C:\Users\Rose\Desktop\lightsaber prototype.jpg
[2010/07/24 22:44:19 | 005,547,190 | ---- | C] () -- C:\Users\Rose\Documents\knitsabers pattern.pdf
[2010/07/24 22:03:34 | 000,467,451 | ---- | C] () -- C:\Users\Rose\Documents\Luke 12 inch saber pattern.pdf
[2010/07/24 17:30:30 | 000,150,621 | ---- | C] () -- C:\Users\Rose\Documents\overthemoonwrap.pdf
[2010/07/24 17:26:42 | 000,229,728 | ---- | C] () -- C:\Users\Rose\Documents\PlainWoolWrap.pdf
[2010/07/24 17:16:24 | 000,974,979 | ---- | C] () -- C:\Users\Rose\Documents\Felted_Baby_Yoda_Hat2.pdf
[2010/07/24 12:32:12 | 000,266,618 | ---- | C] () -- C:\Users\Rose\Desktop\inserts.jpg
[2010/07/24 12:30:57 | 000,481,250 | ---- | C] () -- C:\Users\Rose\Desktop\pocket trainers.jpg
[2010/06/26 19:55:23 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2010/06/18 13:25:37 | 000,432,571 | ---- | C] () -- C:\Users\Rose\Desktop\nectarine pie.jpg
[2010/06/07 19:40:58 | 000,526,848 | ---- | C] () -- C:\Users\Rose\Documents\fantasy silhouettes.doc
[2010/05/30 13:54:29 | 000,779,502 | ---- | C] () -- C:\Users\Rose\Desktop\card tower.jpg
[2010/05/13 20:52:16 | 000,185,344 | ---- | C] () -- C:\Users\Rose\Documents\Stuffed cloth buttons.doc
[2009/09/23 15:51:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/20 07:39:07 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/20 07:39:07 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/20 07:39:07 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/05/23 18:13:27 | 000,001,729 | ---- | C] () -- C:\Windows\System32\GamParse.INI
[2009/04/19 08:20:25 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/02/28 07:07:44 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/02/28 07:07:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/02/28 06:23:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/09 22:36:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/11/09 22:25:23 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/09 22:25:23 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997/06/13 17:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/09/16 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\FUJIFILM
[2008/03/15 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\muvee Technologies
[2008/08/06 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Petroglyph
[2008/02/27 19:07:18 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Snapfish
[2008/03/13 21:30:06 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\WinBatch
[2010/08/06 08:55:42 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/09 22:46:12 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/11/09 22:01:19 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/07/12 18:08:13 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/08/06 09:44:59 | 3085,303,808 | -HS- | M] () -- C:\hiberfil.sys
[2008/03/31 08:22:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/26 19:44:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/03/31 08:22:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/06 09:44:58 | 3399,233,536 | -HS- | M] () -- C:\pagefile.sys
[2008/03/13 21:33:42 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/18 08:24:33 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/07/07 17:13:05 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 10:02:45
< End of report >


Extras.txt
OTL Extras logfile created on: 8/6/2010 9:48:45 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Rose\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.57 Gb Total Space | 233.46 Gb Free Space | 80.90% Space Free | Partition Type: NTFS
Drive D: | 9.51 Gb Total Space | 1.29 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.98 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive F: | 552.56 Mb Total Space | 491.37 Mb Free Space | 88.93% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSE-PC
Current User Name: Rose
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2894011382-2935287392-3924786666-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DD43EF-336F-46C4-8344-C6EE7CB3103E}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{198093D5-5017-4AC7-8A1B-3F6D78423B0B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1EA34871-9BCF-4237-998E-EF5E0DA36495}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"{1F772AE8-B359-4949-94C3-F694C5A4B998}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{46CDC510-BBF9-45B8-A4E3-749D3D0BD37E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{53EE0812-56F1-484B-9D99-82DB516C0CF0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5C05B2F1-D400-425F-A4F9-807884B3B099}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{6F9B64DB-D3A5-4358-A8C8-F0DEE0A4D92D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{876E9EB3-2F2B-46E7-98D0-8A295BF415A5}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{94185F4F-8608-48D1-991D-806BCD12CB16}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A8B3DDF2-8C4B-4F7A-AD4D-BD76871A99A5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BEA60FF2-4C69-43BA-918C-3D9C3FA03AE2}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{0BB7F5F6-EC91-4849-A542-EEA49AFB0710}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{2E4A9AFD-1497-47E0-AD63-D46F8E1D7CED}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"TCP Query User{42AF742C-50A4-4742-9272-9FD480650422}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{67868809-3AE8-4ACF-98AB-03BC013295DB}C:\program files\sony\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest\eqvoiceservice.exe |
"TCP Query User{9CCA15A2-C514-4E8E-B4A5-0F394B27EE69}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A2C0F388-E068-43AD-8946-13507309E76F}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{A4921ADC-E27D-4996-B3E0-9EECDE431CF6}C:\program files\sony\everquest\eqgame.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest\eqgame.exe |
"TCP Query User{B26624BD-266D-45FF-911D-F8782476FBDB}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{04914559-7F19-4624-8EA1-6B6CDEFB9412}C:\program files\sony\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest\eqvoiceservice.exe |
"UDP Query User{1B105D50-E8D8-4E0E-8A53-D634FB118286}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{8477030E-7A6C-425D-B4F7-798F1FFF39AD}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{A07D684D-9F5C-4C21-B437-2B9B54562E5C}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{A4ADF34B-2674-4274-8ED1-A98F8E84B3F3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C765CB5B-B8EE-4B4F-B4ED-AD1EB458A42B}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe |
"UDP Query User{CB4CF42F-98E4-4D16-A622-9F1CF40A941F}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{E0B2E5A6-5D87-4055-9325-C55639856F0E}C:\program files\sony\everquest\eqgame.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest\eqgame.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2017CE7C-CB9D-4FF7-967D-5A6B67FC7EF2}" = LeapFrog Leapster2 Plugin
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C82257D5-970D-4371-8616-6B8E5693C99F}" = LeapFrog Connect
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAD859A8-FB72-4BC3-A892-287E9491E8BE}" = Station Launcher
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"AutoItv3" = AutoIt v3.3.0.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diablo II" = Diablo II
"ERUNT_is1" = ERUNT 1.1j
"Freeze Clip Art" = Freeze Clip Art
"Guild Wars" = Guild Wars
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Station Launcher" = Station Launcher
"SystemRequirementsLab" = System Requirements Lab
"UPCShell" = LeapFrog Connect
"WildTangent hp Master Uninstall" = My HP Games
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2010 3:49:28 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, time stamp
0x4a57bc8a, faulting module MSVCR80.dll, version 8.0.50727.4053, time stamp 0x4a594c79,
exception code 0xc000001d, fault offset 0x0001510a, process id 0xd08, application
start time 0x01cb222a62452401.

Error - 7/29/2010 3:48:09 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, time stamp
0x4a57bc8a, faulting module MSVCR80.dll, version 8.0.50727.4053, time stamp 0x4a594c79,
exception code 0xc000001d, fault offset 0x000174e9, process id 0x1a68, application
start time 0x01cb2e29d8759b10.

Error - 7/29/2010 3:51:16 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, time stamp
0x4a57bc8a, faulting module NCWTRUST.DLL, version 16.8.0.41, time stamp 0x4b5751f9,
exception code 0xc0000005, fault offset 0x00043774, process id 0x8c0, application
start time 0x01cb2ef2d1ab12a0.

Error - 7/30/2010 3:53:13 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp
0x49e01c05, faulting module FastProx.dll, version 6.0.6002.18005, time stamp 0x49e03729,
exception code 0xc0000005, fault offset 0x0002e078, process id 0x998, application
start time 0x01cb2fb534f040db.

Error - 7/30/2010 5:10:01 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp
0x49e01c05, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e,
exception code 0xc0000005, fault offset 0x00009b2b, process id 0x990, application
start time 0x01cb2fbcbb638810.

Error - 7/30/2010 6:07:15 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp
0x49e01c05, faulting module FastProx.dll, version 6.0.6002.18005, time stamp 0x49e03729,
exception code 0xc0000005, fault offset 0x0001ba7a, process id 0xfd4, application
start time 0x01cb2fc721cd446e.

Error - 7/30/2010 6:09:03 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp
0x49e01c05, faulting module msvcrt.dll, version 7.0.6002.18005, time stamp 0x49e0379e,
exception code 0xc0000005, fault offset 0x00009b2b, process id 0x9c, application
start time 0x01cb2fcf1f02295c.

Error - 7/30/2010 6:14:24 AM | Computer Name = Rose-PC | Source = Application Error | ID = 1000
Description = Faulting application wmiprvse.exe, version 6.0.6002.18005, time stamp
0x49e01c05, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x00066796, process id 0x81c, application
start time 0x01cb2fcf5effc53a.

Error - 7/30/2010 5:29:39 PM | Computer Name = Rose-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18928 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d74 Start Time: 01cb2ff66a5cce34 Termination Time: 72

Error - 7/30/2010 9:42:25 PM | Computer Name = Rose-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 8/6/2010 11:33:45 AM | Computer Name = Rose-PC | Source = DCOM | ID = 10005
Description =

Error - 8/6/2010 11:33:46 AM | Computer Name = Rose-PC | Source = DCOM | ID = 10005
Description =

Error - 8/6/2010 11:33:46 AM | Computer Name = Rose-PC | Source = DCOM | ID = 10005
Description =

Error - 8/6/2010 11:36:03 AM | Computer Name = Rose-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:34:48 AM on 8/6/2010 was unexpected.

Error - 8/6/2010 11:45:29 AM | Computer Name = Rose-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/6/2010 11:48:32 AM | Computer Name = Rose-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/6/2010 11:55:41 AM | Computer Name = Rose-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 8/6/2010 12:45:03 PM | Computer Name = Rose-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:43:04 AM on 8/6/2010 was unexpected.

Error - 8/6/2010 12:51:04 PM | Computer Name = Rose-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/6/2010 12:51:04 PM | Computer Name = Rose-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >


ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 11:02:56
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Rose\AppData\Local\Temp\kwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT 8822F048 ZwAlertResumeThread
SSDT 8822D048 ZwAlertThread
SSDT 8823A0F8 ZwAllocateVirtualMemory
SSDT 87AD7F40 ZwAlpcConnectPort
SSDT 883CF248 ZwAssignProcessToJobObject
SSDT 88368E80 ZwCreateMutant
SSDT 883D1F00 ZwCreateSymbolicLinkObject
SSDT 87C9EE30 ZwCreateThread
SSDT 88369048 ZwDebugActiveProcess
SSDT 8823A2C8 ZwDuplicateObject
SSDT 882DA9E8 ZwFreeVirtualMemory
SSDT 88366048 ZwImpersonateAnonymousToken
SSDT 882DB048 ZwImpersonateThread
SSDT 87AA7668 ZwLoadDriver
SSDT 882DA8C8 ZwMapViewOfSection
SSDT 883684C0 ZwOpenEvent
SSDT 8823A568 ZwOpenProcess
SSDT 87BD6BF0 ZwOpenProcessToken
SSDT 88369310 ZwOpenSection
SSDT 8823A418 ZwOpenThread
SSDT 883D0D00 ZwProtectVirtualMemory
SSDT 87BD7110 ZwResumeThread
SSDT 87BF6048 ZwSetContextThread
SSDT 882DA670 ZwSetInformationProcess
SSDT 88369108 ZwSetSystemInformation
SSDT 88369BD0 ZwSuspendProcess
SSDT 87CA3130 ZwSuspendThread
SSDT 87BE3850 ZwTerminateProcess
SSDT 87BF8620 ZwTerminateThread
SSDT 87C9CB48 ZwUnmapViewOfSection
SSDT 882DAD38 ZwWriteVirtualMemory
SSDT 883D04A0 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EBF880 8 Bytes [48, F0, 22, 88, 48, D0, 22, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81EBF894 4 Bytes [F8, A0, 23, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EBF8A0 4 Bytes [40, 7F, AD, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 81EBF8F4 4 Bytes [48, F2, 3C, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EBF958 4 Bytes [80, 8E, 36, 88]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EC0F320, 0x3DE447, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1656] ntdll.dll!RtlEncodeSystemPointer + 873 77A4938B 10 Bytes JMP 0500003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!CreateDialogParamW 77B572A2 5 Bytes JMP 6E6FDEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!GetAsyncKeyState 77B5863C 5 Bytes JMP 6E618EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!SetWindowsHookExW 77B587AD 5 Bytes JMP 6E6F9AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!CallNextHookEx 77B58E3B 5 Bytes JMP 6E6ED0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!UnhookWindowsHookEx 77B598DB 5 Bytes JMP 6E66467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!EnableWindow 77B5CD8B 5 Bytes JMP 6E6FDD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!CreateWindowExW 77B61305 5 Bytes JMP 6E6FDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!GetKeyState 77B68CB1 5 Bytes JMP 6E6FD2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!IsDialogMessageW 77B70745 5 Bytes JMP 6E6259D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!CreateDialogParamA 77B717AA 5 Bytes JMP 6E7F547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!IsDialogMessage 77B71847 5 Bytes JMP 6E7F4D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!CreateDialogIndirectParamA 77B726F1 5 Bytes JMP 6E7F54B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!CreateDialogIndirectParamW 77B79A62 5 Bytes JMP 6E7F54E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!SetKeyboardState 77B80987 5 Bytes JMP 6E7F5086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!DialogBoxParamW 77B810B0 5 Bytes JMP 6E6254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!DialogBoxIndirectParamW 77B82EF5 5 Bytes JMP 6E7F480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!SendInput 77B82F75 5 Bytes JMP 6E7F5C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!EndDialog 77B8326E 5 Bytes JMP 6E627E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!SetCursorPos 77B96FB2 5 Bytes JMP 6E7F5C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!DialogBoxParamA 77B98152 5 Bytes JMP 6E7F47AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!DialogBoxIndirectParamA 77B9847D 5 Bytes JMP 6E7F4872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!MessageBoxIndirectA 77BAD4D9 5 Bytes JMP 6E7F4741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!MessageBoxIndirectW 77BAD5D3 5 Bytes JMP 6E7F46D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!MessageBoxExA 77BAD639 5 Bytes JMP 6E7F4674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!MessageBoxExW 77BAD65D 5 Bytes JMP 6E7F4612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] USER32.dll!keybd_event 77BAD972 5 Bytes JMP 6E7F5FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] SHELL32.dll!SHRestricted + D95 76338988 4 Bytes [4D, 30, 14, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] SHELL32.dll!SHRestricted + D9D 76338990 8 Bytes [57, 2F, 14, 6D, 9C, 5B, 13, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] ole32.dll!OleLoadFromStream 77131E12 5 Bytes JMP 6E7F4B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] ole32.dll!CoGetTreatAsClass + D2F 7714FAB7 7 Bytes JMP 050003DC
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] ole32.dll!CoCreateInstance 77169EA6 5 Bytes JMP 6E6FDB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] ole32.dll!CoCreateInstance + 3E 77169EE4 7 Bytes JMP 05000326
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ntdll.dll!RtlEncodeSystemPointer + 873 77A4938B 10 Bytes JMP 04A0003A
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CreateDialogParamW 77B572A2 5 Bytes JMP 6E6FDEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!GetAsyncKeyState 77B5863C 5 Bytes JMP 6E618EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!SetWindowsHookExW 77B587AD 5 Bytes JMP 6E6F9AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CallNextHookEx 77B58E3B 5 Bytes JMP 6E6ED0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!UnhookWindowsHookEx 77B598DB 5 Bytes JMP 6E66467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!EnableWindow 77B5CD8B 5 Bytes JMP 6E6FDD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CreateWindowExW 77B61305 5 Bytes JMP 6E6FDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!GetKeyState 77B68CB1 5 Bytes JMP 6E6FD2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!IsDialogMessageW 77B70745 5 Bytes JMP 6E6259D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CreateDialogParamA 77B717AA 5 Bytes JMP 6E7F547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!IsDialogMessage 77B71847 5 Bytes JMP 6E7F4D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CreateDialogIndirectParamA 77B726F1 5 Bytes JMP 6E7F54B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CreateDialogIndirectParamW 77B79A62 5 Bytes JMP 6E7F54E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!SetKeyboardState 77B80987 5 Bytes JMP 6E7F5086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxParamW 77B810B0 5 Bytes JMP 6E6254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxIndirectParamW 77B82EF5 5 Bytes JMP 6E7F480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!SendInput 77B82F75 5 Bytes JMP 6E7F5C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!EndDialog 77B8326E 5 Bytes JMP 6E627E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!SetCursorPos 77B96FB2 5 Bytes JMP 6E7F5C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxParamA 77B98152 5 Bytes JMP 6E7F47AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxIndirectParamA 77B9847D 5 Bytes JMP 6E7F4872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxIndirectA 77BAD4D9 5 Bytes JMP 6E7F4741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxIndirectW 77BAD5D3 5 Bytes JMP 6E7F46D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxExA 77BAD639 5 Bytes JMP 6E7F4674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxExW 77BAD65D 5 Bytes JMP 6E7F4612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!keybd_event 77BAD972 5 Bytes JMP 6E7F5FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] SHELL32.dll!SHRestricted + D95 76338988 4 Bytes [4D, 30, 14, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] SHELL32.dll!SHRestricted + D9D 76338990 8 Bytes [57, 2F, 14, 6D, 9C, 5B, 13, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ole32.dll!OleLoadFromStream 77131E12 5 Bytes JMP 6E7F4B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ole32.dll!CoGetTreatAsClass + D2F 7714FAB7 7 Bytes JMP 04A003DC
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ole32.dll!CoCreateInstance 77169EA6 5 Bytes JMP 6E6FDB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ole32.dll!CoCreateInstance + 3E 77169EE4 7 Bytes JMP 04A00326
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!CreateWindowExW 77B61305 5 Bytes JMP 6E6FDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxParamW 77B810B0 5 Bytes JMP 6E6254C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxIndirectParamW 77B82EF5 5 Bytes JMP 6E7F480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxParamA 77B98152 5 Bytes JMP 6E7F47AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!DialogBoxIndirectParamA 77B9847D 5 Bytes JMP 6E7F4872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxIndirectA 77BAD4D9 5 Bytes JMP 6E7F4741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxIndirectW 77BAD5D3 5 Bytes JMP 6E7F46D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxExA 77BAD639 5 Bytes JMP 6E7F4674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!MessageBoxExW 77BAD65D 5 Bytes JMP 6E7F4612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

I've had a few more crashes and here's the info that came up in the Windows recovery box after restart:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 8E752060
BCP2: 00000005
BCP3: 00000000
BCP4: 8E6E23AC
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Edited by admin, 08 August 2010 - 06:08 PM.
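One way to take a first pass over a GMER user-mode section like the one in the post above (an added example, not part of the original thread and not GMER's own code): split the rows into JMP patches attributed to a named module, JMP patches with no module named after the target, and raw byte patches. The category names, and the reading that "Func + NNN" means nearest export plus offset, are assumptions; an unattributed row is something to look at more closely, not a verdict.

```python
import re
from collections import Counter

# Five rows copied verbatim from the GMER log in the post above.
SAMPLE = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] SHELL32.dll!SHRestricted + D95 76338988 4 Bytes [4D, 30, 14, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] ole32.dll!OleLoadFromStream 77131E12 5 Bytes JMP 6E7F4B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1656] ole32.dll!CoGetTreatAsClass + D2F 7714FAB7 7 Bytes JMP 050003DC
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ntdll.dll!RtlEncodeSystemPointer + 873 77A4938B 10 Bytes JMP 04A0003A
.text C:\Program Files\Internet Explorer\iexplore.exe[3028] USER32.dll!CreateWindowExW 77B61305 5 Bytes JMP 6E6FDB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
""".strip().splitlines()

# .text <image>[pid] <module>!<func> [+ offset] <address> <n> Bytes <patch>
LINE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.+)$"
)
# JMP <target> [<owning module path> (<description>)]
JMP = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>.+?)\s+\((?P<desc>.*)\))?$"
)


def parse_line(line):
    """Return one hook row as a dict, or None if the line is not a .text row."""
    m = LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["pid"] = int(entry["pid"])
    entry["size"] = int(entry["size"])
    # Assumption: "Func + NNN" is the nearest export plus an offset, so the
    # patched address is not the entry point of an exported function.
    entry["mid_function"] = entry["offset"] is not None
    j = JMP.match(entry["patch"])
    entry["target"] = j.group("target") if j else None
    entry["owner"] = j.group("owner") if j else None
    if j is None:
        entry["category"] = "byte-patch"        # raw bytes, no JMP decoded
    elif entry["owner"]:
        entry["category"] = "jmp-to-module"     # target attributed to a file
    else:
        entry["category"] = "jmp-unattributed"  # no module named for target
    return entry


def triage(lines):
    """Parse every .text row, skipping headers and blank lines."""
    return [e for e in map(parse_line, lines) if e is not None]


def summarize(entries):
    """Count rows per (pid, category) so processes can be compared."""
    return Counter((e["pid"], e["category"]) for e in entries)


def needs_review(entries):
    """Rows whose patch is not attributed to a named module."""
    return [e for e in entries if e["category"] != "jmp-to-module"]


if __name__ == "__main__":
    rows = triage(SAMPLE)
    for (pid, cat), n in sorted(summarize(rows).items()):
        print(f"pid {pid:>5}  {cat:<17} {n}")
    for e in needs_review(rows):
        where = e["func"] + (f"+0x{e['offset']}" if e["mid_function"] else "")
        print(f"review: pid {e['pid']} {e['module']}!{where} -> {e['patch']}")
```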


#2
emeraldnzl

Hello ErikaP,

I am not sure that your machine's problems are caused by malware. Rather it might be a hardware or software conflict issue (interestingly there was a problem with XP SP2 machines which threw the same error and was related to an issue between some anti-virus programs and the machine's system).

Nevertheless there is the possibility that it is malware related so we will check that out.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [] File not found
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • OTL fix log
  • Kaspersky scan results


#3
ErikaP

I ran the OTL just fine, but it crashed again when I tried to run the other scan. Here's the error message.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: 07C1B581
BCP2: 00000000
BCP3: 61C09E95
BCP4: 00000008
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Erika

User: Public

User: Rose
->Temp folder emptied: 969726 bytes
->Temporary Internet Files folder emptied: 30318490 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1813 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 30.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08062010_165056

Files\Folders moved on Reboot...
C:\Users\Rose\AppData\Local\Temp\Low\~DF143B.tmp moved successfully.
C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LLQDGG3R\xd_proxy[2].htm moved successfully.
C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ZIR1E20\283771-windows-blue-screen-crash[1].htm moved successfully.
C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ZIR1E20\like[1].htm moved successfully.
C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ZIR1E20\like[2].htm moved successfully.
C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Rose\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\JETDC88.tmp not found!

Registry entries deleted on Reboot...


I will continue to try to run the scan before I have yet another crash (about 10 so far today).

#4
emeraldnzl

Hey ErikaP,

Try uninstalling Norton Symantec (you can re-install it later) and see if that makes a difference. :)

#5
ErikaP

I uninstalled Norton, but now it crashes each time I try to start the Kaspersky scan. It will go through all the updates there but as soon as I click on my computer, it crashes and I'm back to a blue screen. I tried about 4 times and had the same thing happen each time. I'm now also getting random Internet Explorer crashes, too. This is the first time today that it's actually loaded this site and let me reply.

#6
emeraldnzl

Hello ErikaP,

Leave Kaspersky for now.

"I'm now also getting random Internet Explorer crashes"

You could try going to Repair/Reinstall IE, follow the instructions for your version of IE and see if that works.

Another possibility is to try another browser:

Firefox may be downloaded from Here.

You can have more than one browser on your machine. :)

Try those actions and see if there is a difference.

Come back and tell me how it went. :)

#7
ErikaP

The IE repair didn't work. It got part-way through and had an error saying it couldn't finish and listed other support options. I tried it twice and it got stuck both times. Then I downloaded Firefox just fine.

Edited by ErikaP, 07 August 2010 - 08:28 PM.


#8
emeraldnzl

Okay let's do this then.

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer; compatibility with other browsers has been added recently, but if you find difficulty, go to using Internet Explorer.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If your anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic


#9
ErikaP

Nope, I just had it freeze up trying to run the ESET twice (once in IE before I remembered to use Firefox, and then once in Firefox). It went to the "trying to find a solution" error box.

The third time I tried it, I got another Windows crash with blue screen and restart.

Oh, and it took me about 6 tries this morning to get Windows to even get started. It went through the Startup Repair and it actually worked when it finally did let me on the computer.

I've also had two random Firefox crashes in the 10 minutes that I've been on the computer this morning, too.

Edited by ErikaP, 08 August 2010 - 09:21 AM.


#10
emeraldnzl

Hello ErikaP,

There are some tools that I would like to try but your machine is so unstable that I am worried we might cause some problem that would result in loss of your data.

We also want to get your anti-virus re-installed but we will leave that for later as it may interfere with the tools we do use.

For now let's try this:

Please download MBRCheck.exe to your Desktop.

  • Double click to run it
  • It will prompt you with some text
  • Left click on title bar (where program name and path is written)
  • From menu choose Edit > Select All
  • Click Enter key on keyboard to copy selected text
  • Paste that text back here



#11
ErikaP

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ECS
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: GX611AA-ABA m8300f
Logical Drives Mask: 0x000007fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`24c4ce00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
298 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#12
emeraldnzl

Hello ErikaP

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#13
ErikaP

I've tried twice so far and the second time got a lot further than the first. Both times ended in a Windows Command Processor Stopped error and Windows shut ComboFix down before it could finish. The third time I tried to start it, I got another Windows crash, blue screen, and restart. Should I try it in Safe Mode or anything like that?

#14
emeraldnzl

Before we try ComboFix again see if you can do this (come back and ask if you run into difficulties):

Log on to the Recovery Console (the Recovery Console should have been installed by ComboFix when you downloaded it).

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.

Posted Image

Note: In your case the image above will show Vista not XP

3. Use the up and down arrow keys to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entry, and press 'Enter':

fixmbr

After that re-run ComboFix.

#15
ErikaP

It never downloaded the recovery console when I ran ComboFix. It just went straight into trying to scan my system. I don't get a choice of operating systems to choose from when I restart my computer. If I push F11, it can take me into the system recovery windows, but I thought that took you all the way back to factory setup and wiped everything.





