
cleaned out



#1
j1a3g8

j1a3g8

    Member

  • Member
  • PipPip
  • 12 posts
Not sure if this is the right forum..? Anyways, lost all my music, docs, photos, etc. My desktop is empty and a "script error" thing keeps appearing.. When I click on "all programs" it says "empty" but I think programs like iTunes are still there because I can get to it in a round-about way..? Just no icons..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:43 AM, on 5/6/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Owner\Desktop\Computer Clean-Up Kit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9e885e17a0b00) (gupdate1c9e885e17a0b00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 2413 bytes
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe (Vista or Win 7 => right click and Run As Administrator)
and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Usually this thing will just set the hidden bit in the file attributes, so the files are there; you just aren't able to see them. To change your system so you can see hidden files:

If using Windows XP:

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.


If using Windows Vista or Windows 7:

Close all programs so that you are at your desktop.
Open the Control Panel menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.


[Online tutorial covering both of the above: http://www.bleepingc...utorial62.html]

There is a program called unhide.exe
http://download.blee...nler/unhide.exe
but if the virus is still active it will probably hide them again.
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Ron
  • 0

#3
j1a3g8

j1a3g8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Thanks Ron. Here's the OTL log that came up.. I was able to unhide the files/icons but now they're dimmed out and not all came back? I'm also having trouble uninstalling my old Malwarebytes.. Just keeps saying "internal error. Cannot find utCompiled Code record." Thx again.


OTL logfile created on: 5/7/2011 3:50:49 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 122.49 Gb Free Space | 66.27% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/03/30 22:32:19 | 000,307,672 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2006/12/20 03:15:44 | 000,428,152 | -H-- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | -H-- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | -H-- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | -H-- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/24 14:26:18 | 000,202,560 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/08/24 01:17:22 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/02 18:56:52 | 000,118,784 | -H-- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 21:50:26 | 000,063,096 | -H-- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 21:47:50 | 000,136,816 | -H-- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 03:15:44 | 000,428,152 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/15 00:33:10 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 15:10:12 | 000,009,216 | -H-- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | -H-- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/07 15:35:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D4E0965-2C3A-46A0-AD9E-3A1FF30C129F}\MpKsld3660322.sys -- (MpKsld3660322)
DRV - [2010/08/03 13:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/22 10:58:24 | 000,022,016 | -H-- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2009/06/22 10:58:24 | 000,022,016 | -H-- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2008/07/07 20:35:36 | 000,034,296 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamcatchme.sys -- (MBAMCatchMe)
DRV - [2008/05/28 13:33:38 | 000,007,408 | RH-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 13:33:36 | 000,055,024 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 13:33:36 | 000,008,944 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/01/26 20:13:40 | 000,017,712 | -H-- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 18:44:06 | 000,290,304 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/03 04:43:19 | 000,479,488 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2007/01/03 04:43:19 | 000,207,104 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/03 04:43:18 | 000,216,320 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/12/09 04:01:02 | 002,206,720 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/28 18:11:00 | 001,161,888 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 04:57:48 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/10/18 15:50:04 | 000,016,128 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | -H-- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2004/09/29 16:36:29 | 000,015,360 | -H-- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/25 00:06:18 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/03 18:51:18 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 19:08:35 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/05/04 20:53:54 | 000,000,000 | -H-D | M]

[2008/07/15 17:59:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/05/06 22:27:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions
[2010/08/19 19:17:24 | 000,000,000 | -H-D | M] (Linkification) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/08/19 19:17:24 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/08 18:31:04 | 000,000,000 | -H-D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/19 19:17:24 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/06 22:27:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/04 19:32:29 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/09/02 07:53:40 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/07/18 16:19:40 | 002,998,784 | -H-- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2008/07/15 18:30:37 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-1O9U2.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f7886f07-5e06-11df-b736-00a0d177bedf}\Shell - "" = AutoRun
O33 - MountPoints2\{f7886f07-5e06-11df-b736-00a0d177bedf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 15:38:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/07 08:33:12 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/07 08:06:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2011/05/06 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\AD2
[2011/05/06 06:04:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/06 06:04:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 19:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2011/05/05 19:45:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Computer Clean-Up Kit
[2011/05/05 08:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/05/05 00:00:34 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Reactive.Software.Windows.Live.Password.Recovery.1.23.12.07.CRACKED-ONY
[2011/05/04 23:05:50 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Desktop\Windows 7 and Windows Vista Recovery Discs [x86&x64] BY KAILASH
[2011/05/04 20:57:11 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\ESET
[2011/05/04 20:57:11 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Local\ESET
[2011/05/04 20:53:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/05/04 20:53:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\ESET
[2011/05/04 20:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/03 22:26:05 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Documents\Downloads
[2011/05/03 22:02:58 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 15:38:49 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/07 15:38:39 | 000,709,456 | ---- | M] () -- C:\Windows\is-1O9U2.exe
[2011/05/07 15:38:39 | 000,010,562 | ---- | M] () -- C:\Windows\is-1O9U2.msg
[2011/05/07 15:38:39 | 000,000,341 | ---- | M] () -- C:\Windows\is-1O9U2.lst
[2011/05/07 15:36:40 | 000,000,882 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 15:35:55 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 15:35:55 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 15:35:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 15:35:35 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 15:29:00 | 000,000,886 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 08:46:45 | 000,000,104 | ---- | M] () -- C:\Users\Owner\Desktop\Cox HSI - Shortcut.lnk
[2011/05/07 08:45:16 | 000,000,576 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/05/07 08:39:11 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2011/05/05 20:37:51 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.new
[2011/05/05 19:46:14 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2011/05/03 22:05:34 | 000,000,400 | -H-- | M] () -- C:\ProgramData\24633120
[2011/05/03 22:03:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~24633120
[2011/05/03 22:03:47 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~24633120r
[2011/05/03 22:02:58 | 000,000,594 | -H-- | M] () -- C:\Users\Owner\Desktop\Windows Recovery.lnk
[2011/05/03 22:01:34 | 000,196,608 | -H-- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/03 08:53:16 | 000,131,072 | -H-- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 15:38:39 | 000,709,456 | ---- | C] () -- C:\Windows\is-1O9U2.exe
[2011/05/07 15:38:39 | 000,010,562 | ---- | C] () -- C:\Windows\is-1O9U2.msg
[2011/05/07 15:38:39 | 000,000,341 | ---- | C] () -- C:\Windows\is-1O9U2.lst
[2011/05/07 08:46:45 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Desktop\Cox HSI - Shortcut.lnk
[2011/05/07 08:44:39 | 000,000,576 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/05/05 19:46:14 | 000,000,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/05 19:46:14 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2011/05/03 22:03:47 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~24633120
[2011/05/03 22:03:47 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~24633120r
[2011/05/03 22:02:58 | 000,000,594 | -H-- | C] () -- C:\Users\Owner\Desktop\Windows Recovery.lnk
[2011/05/03 22:02:53 | 000,000,400 | -H-- | C] () -- C:\ProgramData\24633120
[2011/04/04 19:33:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/25 18:40:37 | 000,594,160 | -H-- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/01/25 18:40:29 | 000,589,960 | -H-- | C] () -- C:\Windows\System32\brgrt.dll
[2010/11/06 08:20:39 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/12/25 21:09:31 | 000,150,056 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/03 16:02:20 | 000,000,680 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/09/10 11:34:22 | 000,000,197 | -H-- | C] () -- C:\Windows\System32\MRT.INI
[2009/09/02 07:51:51 | 000,000,174 | -H-- | C] () -- C:\Windows\System32\UAChfeysivjas.dat
[2009/09/02 07:50:09 | 000,006,195 | -H-- | C] () -- C:\Windows\System32\uacinit.dll
[2008/08/25 00:06:54 | 000,000,025 | -H-- | C] () -- C:\Windows\cdplayer.ini
[2008/07/15 20:49:23 | 000,007,680 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/07/15 18:47:37 | 000,034,296 | -H-- | C] () -- C:\Windows\System32\drivers\mbamcatchme.sys
[2007/11/15 10:52:52 | 000,000,748 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/08/21 23:25:17 | 000,043,008 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/21 18:32:29 | 000,128,113 | -H-- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/21 18:32:29 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/21 18:32:29 | 000,010,150 | -H-- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/21 18:32:29 | 000,007,671 | -H-- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/02 15:01:09 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/03/02 15:01:09 | 000,188,416 | -H-- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/03/02 15:01:08 | 000,200,704 | -H-- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/03/02 15:01:08 | 000,192,512 | -H-- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/03/02 15:01:08 | 000,192,512 | -H-- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/03/02 15:01:08 | 000,020,480 | -H-- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/02/28 16:47:07 | 000,000,000 | -H-- | C] () -- C:\Windows\NDSTray.INI
[2007/02/28 15:50:50 | 000,000,176 | -H-- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/02/28 15:50:50 | 000,000,176 | -H-- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/01/31 20:03:26 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2006/12/05 17:05:06 | 000,114,688 | -H-- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,325,464 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,612,364 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,796 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,180,224 | -H-- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 14:58:00 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 01:30:20 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

#4
RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP
Uninstall Yahoo Toolbar

You are running two anti-viruses, ESET & MSSE. You need to remove one since they fight each other.

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
[2011/05/03 22:05:34 | 000,000,400 | -H-- | M] () -- C:\ProgramData\24633120
[2011/05/03 22:03:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~24633120
[2011/05/03 22:03:47 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~24633120r
[2011/05/03 22:02:58 | 000,000,594 | -H-- | C] () -- C:\Users\Owner\Desktop\Windows Recovery.lnk

:Files
C:\ProgramData\24633120
C:\ProgramData\~24633120
C:\ProgramData\~24633120r
C:\Users\Owner\Desktop\Windows Recovery.lnk

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Rightclick on mbam-setup.exe and select Run As Administrator to start.

* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.






ComboFix

You must first uninstall AVG before running Combofix, then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on george and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply


Ron

#5
j1a3g8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok, below is the recent log from the OTL after I copied and pasted the text you gave me.. I also attached the log from George and the aswMBR. The TDSS didn't give me anything, hopefully I did it right. I also got rid of both anti-virus programs and something with Yahoo but it didn't say "Toolbar".. The desktop icons are no longer "dimmed" and it seems to be running faster.. However the malwarebyte is saying the same thing..

OTL logfile created on: 5/7/2011 9:36:58 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 122.42 Gb Free Space | 66.23% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2006/12/20 03:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/08/24 01:17:22 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/02 18:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 21:50:26 | 000,063,096 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 03:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009/06/22 10:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2009/06/22 10:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2008/07/07 20:35:36 | 000,034,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamcatchme.sys -- (MBAMCatchMe)
DRV - [2008/05/28 13:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 13:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 13:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/01/26 20:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/03 04:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2007/01/03 04:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/03 04:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/12/09 04:01:02 | 002,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 04:57:48 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2004/09/29 16:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/25 00:06:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/03 18:51:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 19:08:35 | 000,000,000 | ---D | M]

[2008/07/15 17:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/05/06 22:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions
[2010/08/19 19:17:24 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/08/19 19:17:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/08 18:31:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/19 19:17:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/06 22:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/04 19:32:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/09/02 07:53:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/07/18 16:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2011/05/07 21:23:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 21:26:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/07 21:26:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/05/07 21:23:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/07 21:09:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/07 21:09:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/07 21:09:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/07 21:09:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/07 21:06:32 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/07 20:28:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 20:24:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/07 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\lou
[2011/05/07 08:06:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2011/05/06 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\AD2
[2011/05/06 06:04:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/06 06:04:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 08:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/05/04 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Windows 7 and Windows Vista Recovery Discs [x86&x64] BY KAILASH
[2011/05/04 20:57:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ESET
[2011/05/04 20:57:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESET
[2011/05/03 22:26:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Downloads
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/07 21:36:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/07 21:34:38 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2011/05/07 21:29:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/07 21:23:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/07 21:09:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/07 21:09:06 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 21:09:06 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 21:08:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 21:08:48 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 21:03:35 | 004,343,224 | R--- | M] () -- C:\Users\Owner\Desktop\George.exe
[2011/05/07 08:46:45 | 000,000,104 | ---- | M] () -- C:\Users\Owner\Desktop\Cox HSI - Shortcut.lnk
[2011/05/07 08:45:16 | 000,000,576 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2011/05/05 20:37:51 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.new
[2011/05/03 22:01:34 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/03 08:53:16 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 21:34:38 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2011/05/07 21:09:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/07 21:09:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/07 21:09:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/07 21:09:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/07 21:09:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/07 21:03:29 | 004,343,224 | R--- | C] () -- C:\Users\Owner\Desktop\George.exe
[2011/05/07 08:46:45 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Desktop\Cox HSI - Shortcut.lnk
[2011/05/07 08:44:39 | 000,000,576 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/04/04 19:33:13 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/25 18:40:37 | 000,594,160 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/01/25 18:40:29 | 000,589,960 | ---- | C] () -- C:\Windows\System32\brgrt.dll
[2010/11/06 08:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/25 21:09:31 | 000,150,056 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/03 16:02:20 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/09/10 11:34:22 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/08/25 00:06:54 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/07/15 20:49:23 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/07/15 18:47:37 | 000,034,296 | ---- | C] () -- C:\Windows\System32\drivers\mbamcatchme.sys
[2007/11/15 10:52:52 | 000,000,748 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/08/21 23:25:17 | 000,043,008 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/21 18:32:29 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/21 18:32:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/21 18:32:29 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/21 18:32:29 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/02 15:01:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/03/02 15:01:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/03/02 15:01:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/03/02 15:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/03/02 15:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/03/02 15:01:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/02/28 16:47:07 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/02/28 15:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/02/28 15:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/01/31 20:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2006/12/05 17:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,325,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,612,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,796 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 14:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >


#6
RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP
You need an anti-virus. Let's try the free Avast!
http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Uninstall SUPERAntiSpyware then try to download and install MalwareBytes AntiMalware again. Remember to right click and Run As administrator.

Ron

#7
j1a3g8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Not sure what happened but I downloaded avast, did the scan like instructed and left it alone thinking it was going to take awhile.. I did click on "move to chest" once and it kept scanning. When I came back the start windows screen was up (where you type in your password.) Once I got in it said "unauthorized change made to windows" and it gives me two options 1) "learn more online", then it takes me straight here http://www.microsoft.com/genuine/ OR 2) "close", which logs me off and brings me back to the start screen... ??

#8
RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP
I think this is one of the things that gave Vista a bad rep. There is a MS article on fixing it:

http://support.microsoft.com/kb/931699 and even a forum dedicated to similar problems:

http://social.micros...b-56f0225f2e1a/

Your other option is to do a system restore back to a previous restore point.

It probably wouldn't hurt to check your hard drive for errors. While in Safe Mode:
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.

Before you reboot:

Start, Programs, Accessories, then right click on Command Prompt and select Run As Administrator. Continue. Type with an Enter after each line:

sfc /scannow

(This should check your critical system files. It usually says it can't fix all of them but when you read the log it just complains about settings.ini)

I don't think it's Avast related but you never know. If you want to uninstall Avast and install MSSE instead that should work now. http://www.microsoft...curity/mse.aspx

Ron

#9
j1a3g8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok after reboot, it started the scan and seemed to be stuck on stage 3 of 5.. "CHKDSK verifying security.. 149824 sec. descriptors processed".. I left it on over night and it was still there in the morning so I figured it was time to restart..Did this twice.. Seems to be back to normal after restart and "press any key" to skip the scan the second time..? What next? Do you still recommend proceeding w/ malware and do I need to rescan w/ avast..? Thx Jay

#10
RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP
Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Let's see what it looks like now.

Ron

#11
j1a3g8

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 5/10/2011 7:43:16 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 122.07 Gb Free Space | 66.04% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/08/24 01:17:22 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/02 18:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 21:50:26 | 000,063,096 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 03:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/06/22 10:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP)
DRV - [2009/06/22 10:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd)
DRV - [2008/07/07 20:35:36 | 000,034,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamcatchme.sys -- (MBAMCatchMe)
DRV - [2008/05/28 13:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 13:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 13:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/01/26 20:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/03 04:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2007/01/03 04:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/03 04:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/12/09 04:01:02 | 002,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 04:57:48 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2004/09/29 16:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/25 00:06:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/08 08:11:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/03 18:51:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 19:08:35 | 000,000,000 | ---D | M]

[2008/07/15 17:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/05/09 19:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions
[2010/08/19 19:17:24 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/08/19 19:17:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/08/19 19:17:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\slftdvzz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/09 19:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/04 19:32:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/05/08 08:11:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/09/02 07:53:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/07/18 16:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll

O1 HOSTS File: ([2011/05/07 21:23:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 08:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/08 08:13:09 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/08 08:13:08 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/08 08:13:06 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/08 08:13:05 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/08 08:13:05 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/08 08:13:03 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/08 08:11:33 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/08 08:11:33 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/08 08:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/08 08:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/07 21:26:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/07 21:26:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/05/07 21:23:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/07 21:09:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/07 21:09:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/07 21:09:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/07 21:09:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/07 21:06:32 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/07 20:28:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\lou
[2011/05/07 08:06:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2011/05/06 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\AD2
[2011/05/06 06:04:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/06 06:04:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 08:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/05/04 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Windows 7 and Windows Vista Recovery Discs [x86&x64] BY KAILASH
[2011/05/04 20:57:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ESET
[2011/05/04 20:57:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ESET
[2011/05/03 22:26:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Downloads
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/10 07:30:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 07:29:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 07:26:48 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/05/10 07:24:28 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/05/10 07:22:15 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/05/10 07:21:35 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 07:21:35 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 07:21:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/10 07:21:17 | 2137,055,232 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 08:13:10 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/08 08:13:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/08 08:09:00 | 056,189,640 | ---- | M] () -- C:\Users\Owner\Desktop\setup_av_free.exe
[2011/05/07 21:34:38 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2011/05/07 21:23:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/07 21:03:35 | 004,343,224 | R--- | M] () -- C:\Users\Owner\Desktop\George.exe
[2011/05/07 08:45:16 | 000,000,576 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/05/07 08:06:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.com
[2011/05/05 20:37:51 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.new
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 09:30:40 | 2137,055,232 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/08 08:13:10 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/08 08:09:00 | 056,189,640 | ---- | C] () -- C:\Users\Owner\Desktop\setup_av_free.exe
[2011/05/07 21:34:38 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2011/05/07 21:09:26 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/07 21:09:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/07 21:09:26 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/07 21:09:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/07 21:09:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/07 21:03:29 | 004,343,224 | R--- | C] () -- C:\Users\Owner\Desktop\George.exe
[2011/05/07 08:44:39 | 000,000,576 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/04/04 19:33:13 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/25 18:40:37 | 000,594,160 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011/01/25 18:40:29 | 000,589,960 | ---- | C] () -- C:\Windows\System32\brgrt.dll
[2010/11/06 08:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/25 21:09:31 | 000,150,056 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/03 16:02:20 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/09/10 11:34:22 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/08/25 00:06:54 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/07/15 20:49:23 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/07/15 18:47:37 | 000,034,296 | ---- | C] () -- C:\Windows\System32\drivers\mbamcatchme.sys
[2007/11/15 10:52:52 | 000,000,748 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2007/08/21 23:25:17 | 000,043,008 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/21 18:32:29 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/21 18:32:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/21 18:32:29 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/21 18:32:29 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/02 15:01:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/03/02 15:01:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/03/02 15:01:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/03/02 15:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/03/02 15:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/03/02 15:01:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/02/28 16:47:07 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/02/28 15:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/02/28 15:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/01/31 20:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2006/12/05 17:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,325,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,612,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,796 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/03/09 14:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

#12
RKinner
  • Malware Expert
  • 24,663 posts
  • MVP
Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. What did it find?

Your log looks fairly clean. Yahoo Toolbar is back but otherwise nothing bad. How is it running now?

The fact that check disk is having problems may not be a good sign for the long term health of your hard drive.

Let's see if we have anything interesting in the event logs:


1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#13
j1a3g8
  • Topic Starter
  • Member
  • 12 posts
When I ran Avast the first time I left it alone and when I came back it was on the "start" screen.. See post # 7. I never saw what it came up with after the scan or if it even finished the scan completely... Here's the new log from Vino


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 11/05/2011 6:07:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB948609~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_1_for_KB948609~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_1_for_KB958481~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_2_for_KB948609~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_3_for_KB948609~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_4_for_KB948609~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_75_for_KB958481~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_7_for_KB958481~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_81_for_KB958481~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_8_for_KB948609~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_9_for_KB948609~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB948609_client_0~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB948609_client_1~31bf3856ad364e35~x86~~6.0.6001.3053 () into Installed(Installed) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB948609_client~31bf3856ad364e35~x86~~6.0.6001.3053 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB958481_client_0~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB958481_client_1~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB958481_client~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package Package_for_KB958481~31bf3856ad364e35~x86~~6.0.1.0 () into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 7:58:14 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 03/11/2010 9:32:45 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk0\DR0, has a bad block.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/11/2010 6:24:18 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/11/2010 6:24:56 PM
Type: Warning Category: 0
Event: 5014 Source: NETw4v32
Intel® Wireless WiFi Link 4965AGN : The driver cannot function because the network adapter is disabled.

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

Log: 'System' Date/Time: 03/11/2010 6:32:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB958481(Update) is not applicable for this system

#14
j1a3g8 (Topic Starter)
However, seems to be running great..

#15
RKinner (Malware Expert)
Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. Did it find anything?

Your Event Log has nothing newer than last year so I expect it is not working.

Right click on (My) Computer and select Manage (Continue), then Event Viewer, then Windows Logs, then double-click on System in the right pane. Do you get an error? If so, right click on System and Clear Log, then Clear. Repeat for Application. Then reboot and go back into the logs and see if they can now be read and have current dates. If so, run VEW again as before.

Ron
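
The staleness check described in the post above (the newest VEW entry is far older than the scan) can be scripted. This is an added example, not part of the original thread or of VEW; it assumes the entry layout shown in the log above and day/month date order, and `parse_vew`, `triage` and the 30-day threshold are hypothetical choices for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the VEW layout seen in this thread (not the poster's full log).
SAMPLE = """\
Log: 'System' Date/Time: 03/11/2010 6:27:54 PM
Type: Error Category: 0
Event: 4375 Source: Microsoft-Windows-Servicing
Windows Servicing failed to complete the process of setting package X into Staged(Staged) state

Log: 'System' Date/Time: 03/11/2010 7:58:14 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \\Device\\Harddisk0\\DR0, has a bad block.

Log: 'System' Date/Time: 03/11/2010 9:32:45 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \\Device\\Harddisk0\\DR0, has a bad block.
"""

# One entry = header line, type line, event line, then a single message line.
ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: "
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<id>\d+) Source: (?P<src>[^\n]+?)\s*\n"
    r"(?P<msg>[^\n]*)")

def parse_vew(text, date_fmt="%d/%m/%Y %I:%M:%S %p"):
    """Yield one dict per entry. date_fmt is an assumption (day/month order)."""
    for m in ENTRY.finditer(text):
        entry = m.groupdict()
        entry["when"] = datetime.strptime(entry.pop("ts"), date_fmt)
        yield entry

def triage(text, scan_time, max_age=timedelta(days=30)):
    """Return (newest, stale, counts); stale = no entry within max_age of the scan."""
    entries = list(parse_vew(text))
    if not entries:
        return None, True, Counter()  # an empty log is treated as not working
    newest = max(e["when"] for e in entries)
    counts = Counter((e["type"], int(e["id"]), e["src"]) for e in entries)
    return newest, scan_time - newest > max_age, counts
```

The `counts` result also collapses repeated entries, so recurring errors such as the `disk` Event 7 bad-block reports stand out from one-off noise.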