Topics - Gale_Tx

1
 :( :sos:  First of all, hello to the best site on the web for computer problems, I'm not just saying that because I'm in over my head once again either..... really. 

This all started when I kept getting a pop-up that said that Windows was shutting down.  I'd click on it and it would go back to normal soon enough.  A few days ago after running the MS Security Essentials, it said I had two viruses and a trojan, clicked on the clean button, after which it said it needed Windows Defender to complete the clean-up and to download the WD on a disc or a flash drive which I did, however, WD never downloaded as far as I can tell. 

Next, I tried to run Malwarebytes and couldn't find it, so, I deleted it from my Control Panel and reinstalled another premium version and I can't get that to work either.  That was probably the wrong way to do it, but, there you have it.

Here are the files you requested (hope I can find them again).  If I sound a little frustrated, you have no idea.  That beer up there is looking good up there and I don't even drink, lol.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2012 11:02:58 AM
System Uptime: 8/24/2014 11:05:49 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-970A-D3
Processor: AMD FX(tm)-4100 Quad-Core Processor             | Socket M2 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 858.035 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 371.59 GiB free.
Y: is CDROM ()
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP604: 8/5/2014 6:29:41 PM - Windows Update
RP605: 8/8/2014 4:47:18 PM - Installed Java 7 Update 67
RP606: 8/10/2014 3:57:27 PM - Windows Update
RP632: 8/16/2014 11:24:11 AM - Installed Adblock Plus for IE (32-bit and 64-bit)
RP633: 8/16/2014 11:28:42 AM - Windows Update
RP634: 8/16/2014 1:17:13 PM - Windows Update
RP660: 8/20/2014 3:56:09 AM - Windows Update
RP661: 8/23/2014 4:35:09 PM - Windows Update
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================

I couldn't get the other one to work, sorry.

Also note that I'm having to change between IE and FF to get anywhere.  I'm in a world of hurt.



2
Analysis and Malware Removal / Problem on DH's computer
« on: February 04, 2014, 04:27:10 PM »
Hi, this is Gale-Tx again.  Larry (DH) can't register because he can't get to his email.  Hope you don't mind if I help him thru my registry.  He was in the process of changing his password when his computer crashed.  Main problem is that it kept shutting down prior to this.

 Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 12.0.0.43 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (Toolbar.)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by larry at 12:03:58 on 2014-02-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16346.14025 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\viakaraokesrv.exe
C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://firefox/
uURLSearchHooks: <No Name>: {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
BHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
mRun: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D9D7578F-8CA5-4BD3-9986-53CCF59380D4} : DHCPNameServer = 75.75.76.76 75.75.75.75
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [VideoDownloadConverter Home Page Guard 64 bit] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\larry\AppData\Roaming\Mozilla\Firefox\Profiles\m5seznuu.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll
FF - plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: C:\Users\larry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: !HIDDEN! 2013-10-09 05:35; 4zffxtbr@VideoDownloadConverter_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-2 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-2 21616]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-2 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-2 165144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-2 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-2 27760]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-10-9 42504]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-2 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-2 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-2 104560]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-2 2196592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-12-4 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-2 30528]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-12-2 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 PciPPorts;PCI ECP Parallel Port;C:\Windows\System32\drivers\PciPPorts.sys [2013-5-17 96768]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-7 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-7 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-7 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-02-03 19:39:22   8199504   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9456AE1D-C51F-439B-B1BF-59087E8FC4AC}\mpengine.dll
2014-02-03 00:54:14   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D44FD72-DA7A-4BFA-9D31-2ECA2B2F05F8}\mpengine.dll
2014-02-01 22:03:26   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-31 00:00:05   8641416   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-01-26 21:23:10   --------   d-----w-   C:\Windows\System32\appmgmt
2014-01-24 01:27:56   965000   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F498DB0B-B92C-4EEB-861C-21AC6278CD1C}\gapaengine.dll
2014-01-22 14:37:13   --------   d-----w-   C:\ProgramData\Oracle
2014-01-22 14:35:41   --------   d-----w-   C:\Program Files (x86)\Bizzybolt
2014-01-18 19:07:14   --------   d-----w-   C:\Windows\CheckSur
2014-01-15 09:34:17   53248   ----a-w-   C:\Windows\System32\drivers\usbehci.sys
2014-01-15 09:34:17   325120   ----a-w-   C:\Windows\System32\drivers\usbport.sys
2014-01-15 09:34:16   99840   ----a-w-   C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 09:34:16   7808   ----a-w-   C:\Windows\System32\drivers\usbd.sys
2014-01-15 09:34:16   343040   ----a-w-   C:\Windows\System32\drivers\usbhub.sys
2014-01-15 09:34:16   30720   ----a-w-   C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 09:34:16   25600   ----a-w-   C:\Windows\System32\drivers\usbohci.sys
2014-01-15 09:34:14   376768   ----a-w-   C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-01-31 00:00:16   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-31 00:00:16   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 14:39:17   1095080   ----a-w-   C:\Windows\System32\npdeployJava1.dll
2014-01-22 14:39:16   973736   ----a-w-   C:\Windows\System32\deployJava1.dll
2014-01-19 07:33:29   270496   ------w-   C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02   5769216   ----a-w-   C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12   4243968   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16   1995264   ----a-w-   C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06   1928192   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2013-11-26 06:33:33   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-11-12 02:07:29   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 12:04:41.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 12/2/2012 10:17:36 AM
System Uptime: 2/4/2014 11:50:10 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | H77M-D3H
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz | Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 166.217 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1799.476 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 1826.051 GiB free.
H: is FIXED (NTFS) - 596 GiB total, 505.015 GiB free.
I: is FIXED (NTFS) - 1397 GiB total, 523.814 GiB free.
L: is Removable
Y: is CDROM ()
Z: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: hlnfd
Device ID: ROOT\LEGACY_HLNFD\0000
Manufacturer:
Name: hlnfd
PNP Device ID: ROOT\LEGACY_HLNFD\0000
Service: hlnfd
.
==== System Restore Points ===================
.
RP402: 1/28/2014 3:01:20 AM - Windows Update
RP403: 1/28/2014 8:02:16 PM - Removed Java 7 Update 40 (64-bit)
RP404: 1/29/2014 3:01:10 AM - Windows Update
RP405: 1/29/2014 8:32:21 AM - Windows Update
RP406: 1/30/2014 3:01:18 AM - Windows Update
RP407: 1/30/2014 7:24:56 AM - Windows Update
RP408: 1/30/2014 9:37:51 PM - Windows Update
RP409: 2/1/2014 6:34:54 PM - Windows Update
RP410: 2/2/2014 9:16:10 AM - Windows Update
RP411: 2/2/2014 7:00:43 PM - Windows Backup
RP412: 2/2/2014 10:11:42 PM - Windows Update
RP413: 2/3/2014 1:36:39 PM - Removed AVG 2013
RP414: 2/3/2014 1:41:21 PM - Removed AVG 2013
RP415: 2/3/2014 7:15:51 PM - Windows Update
.
==== Installed Programs ======================
.
@BIOS
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoGreen B12.0206.1
Bejeweled 2 Deluxe 1.1
Bookworm Deluxe 1.13
Easy Tune 6 B12.0626.1
Google Earth
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office XP Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MosChip PCI Multi-IO Controller
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
ON_OFF Charge B11.1102.1
Platform
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
SUPERAntiSpyware
swMSM
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VIA Platform Device Manager
VideoDownloadConverter Firefox Toolbar
VideoDownloadConverter Internet Explorer Toolbar
Visual Studio 2010 x64 Redistributables
.
==== Event Viewer Messages From Past Week ========
.
2/4/2014 7:57:10 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.3165.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/4/2014 7:27:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80015ba4b0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020414-25459-01.
2/4/2014 6:37:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000f5abf61, 0xfffff880035e08d8, 0xfffff880035e0130). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020414-28111-01.
2/4/2014 11:53:45 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
2/4/2014 11:52:35 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/4/2014 11:52:35 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
2/4/2014 11:50:33 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  hlnfd
2/4/2014 10:49:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.3165.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2014 8:31:12 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
2/3/2014 3:58:52 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{82AE899D-C6AC-4E50-9698-0C96DCD7B049}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:58:26 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{936C5DE4-D5AB-41FA-801A-348BC8D7C9A4}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:57:58 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{58EF1F64-BA9B-4C5C-98B4-53CD9BA38178}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:57:31 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4E12F986-E1A2-4B36-93E1-5C475CEE064F}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:57:03 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4A33156B-3768-485A-B98A-1799C75D260D}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:56:35 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D0425FF3-D247-471C-A476-B0B78C273887}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:56:07 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{541F8F21-BDDF-429A-BB7B-82321F217DC2}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:55:39 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{02706213-A860-477E-A615-89ABCC6FE81B}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:54:55 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E48EE6B6-00BC-4727-AB0E-DF9272D7DECF}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:54:12 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6B85F476-5926-448B-A8CF-31A388ADF569}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:53:29 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{35720CAD-5F25-49E3-B126-34D1EC6AAF9F}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:52:47 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1C780B74-6C08-4AC0-A945-B7F08FF2BA1B}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:51:59 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D93D4E67-13C1-44D6-8036-2BE7A0A0A65E}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 2:39:14 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:  An instance of the service is already running.
2/3/2014 2:37:14 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/3/2014 2:37:14 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume5.
2/3/2014 12:17:53 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
2/3/2014 1:39:29 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/2/2014 9:23:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a00c4d4010, 0x0000000080415000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-30030-01.
2/2/2014 8:24:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000f5b900a, 0xfffff880035e78d8, 0xfffff880035e7130). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-32900-01.
2/2/2014 7:25:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000f5a244e, 0xfffff880094765e0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-32448-01.
2/2/2014 7:03:15 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E90AF1D0-FBD8-4C85-A2E3-BB42EBA9FA8A}' was corrupted and it has been recovered. Some data might have been lost.
2/2/2014 5:38:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000f58f44e, 0xfffff8800a72a5e0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-23868-01.
2/2/2014 4:34:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a00c4da110, 0x00000000803d4000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-24632-01.
2/2/2014 3:31:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a00f449220, 0x00000000806f8000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-24694-01.
2/2/2014 2:33:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a010c07010, 0x0000000080849000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-26114-01.
2/1/2014 7:48:34 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.2929.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/1/2014 6:33:58 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B09B9E43-B92B-44A9-9168-8BFF4A750C90}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:33:32 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F426D943-33CA-402E-9154-849D42E1CBD1}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:32:48 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{04F51FCB-7DBE-4DFB-AF0F-D2EBDFB8AE54}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:32:04 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4B7055B8-3857-4B3D-8D58-E6D468D8A125}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:31:19 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{31E4BE4D-EFC3-4EFA-9BEF-8BAF080C04D1}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:30:35 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{858D0E45-2F54-49D6-A3BC-456D2C0A4526}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:29:54 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E6C56EBA-57DD-4877-A81E-106D26012FB2}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:29:13 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{33BA6EA7-945B-4C3F-9502-0B9CB55FE4C7}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 4:44:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000f573f61, 0xfffff8800370f8d8, 0xfffff8800370f130). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020114-38797-01.
1/31/2014 7:55:44 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.2929.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/31/2014 7:32:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000f29c8f3, 0xfffff88009285d50, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013114-44553-01.
1/31/2014 6:51:02 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.2929.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/30/2014 4:13:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2872339).
1/30/2014 4:13:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2676562).
1/29/2014 6:49:24 PM, Error: Service Control Manager [7034]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 3 time(s).
1/28/2014 7:53:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x00000000000c08a5, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012814-39780-01.
1/28/2014 6:37:06 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0DC94ED4-27B0-49F9-B4B5-0AF81ABCA379}' was corrupted and it has been recovered. Some data might have been lost.
1/28/2014 11:55:21 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F569C8D3-3636-4795-A96A-89EACE4AB7E1}' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================
 




3
Analysis and Malware Removal / Slooow computer, Flash problem?
« on: January 30, 2014, 12:13:50 PM »
Tks, Paddy for directing me to the right place.  I keep getting a pop-up about a Flash problem and I can't get it resolved. Shortly afterwards, my computer is so slow it's barely crawling.  Hope you can help me. TIA.  I'm not sure how to disable any script blocker, but here's the info requested:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by larry at 7:43:38 on 2014-01-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8173.6482 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\larry\AppData\LocalLow\alotservice\alotservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Users\larry\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Users\larry\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\splwow64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyServer = hxxp=127.0.0.1:49162;https=127.0.0.1:49162
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -
BHO: VideoFileDownload: {9194649F-7143-4308-90C1-D6A35B0E354E} -
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} -
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
uRun: [AmazonMP3DownloaderHelper] C:\Users\larry\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [iLivid] "C:\Users\larry\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [Amazon Cloud Player] "C:\Users\larry\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: RestrictRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: RestrictRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bookwormadventures/sis/popcaploader_v10_en.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A7D6E798-21E6-4DBB-9446-C0298F0F7CB3} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.

4
Computer Problems, Questions and Solutions! / Howdy, everyone.
« on: January 29, 2014, 04:54:13 PM »
It's been a while, I know you won't remember me, but I sure remember y'all.  So, when my computer decided to drive me more nutty than I already am I knew where to come. 

On my desktop Win 7, I started getting a pop-up ...... a lot saying that Flash Plug-in wasn't working, tried deleting and re-downloading to no avail. From research, I found that this happens often in Firefox, so I switched to my other browser, IE and now it's happening with that one, too.  Ugh! This happened a couple of days ago and it's been getting slooooower 'til it's barely crawling now.  HELP!

5
Analysis and Malware Removal / Computer arbitrarily shutting down
« on: March 14, 2012, 02:58:45 PM »
Hi, everyone. It's been a while. This shutting down problem started happening a few weeks ago; we've had it in the shop twice and they couldn't fix it.  There's no particular time that it happens.  It will stay on forever if I let it sit there without doing anything.  If I'm watching a YouTube video or something similar, when it shuts down, I can still hear the video.  Makes me think it has something to do with the monitor perhaps?  I don't know but it's driving me crazy----which doesn't take much. :)

Trying to follow instructions: Here's my Erunt files:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Gale at 2012-03-14 10:37:14
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 40 GB (53%) free of 76 GB
Total RAM: 2047 MB (75% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{2C2155DD-F9E5-49C8-B53C-4CE92333E1CE}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@movenetworks.com/Quantum Media Player]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIMNQMP.xpt
snapfishScript.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npmnqmp07030901.dll
nppdf32.dll
npsnapfish.dll
unins000.dat
unins000.exe

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Gale\Application Data\Mozilla\Firefox\Profiles\zprp9nem.default\searchplugins\
comcast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-12 1869152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-03-12 982880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-02-18 2423752]

C:\Documents and Settings\Gale\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe"="C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe:*:Disabled:BookWorm"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Support.com\bin\tgcmd.exe"="C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 3 months======

2012-03-13 08:38:55 ----D---- C:\Program Files\trend micro
2012-03-13 08:34:48 ----D---- C:\Program Files\ERUNT
2012-03-13 08:25:03 ----D---- C:\Documents and Settings\Gale\Application Data\SUPERAntiSpyware.com
2012-03-13 08:25:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-10 11:16:08 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-03-10 10:56:09 ----D---- C:\Program Files\Office Depot PC Support Agent
2012-03-09 08:55:36 ----ASH---- C:\pagefile.sys
2012-03-01 11:16:20 ----D---- C:\Program Files\MagicTune Premium
2012-02-27 16:19:20 ----D---- C:\Documents and Settings\Gale\Application Data\Leadertech
2012-02-16 02:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 02:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 22:40:13 ----A---- C:\WINDOWS\imsins.BAK
2012-02-15 22:35:37 ----HDC---- C:\WINDOWS\ie8
2012-02-07 14:56:13 ----D---- C:\Documents and Settings\Gale\Application Data\TuneUp Software
2012-02-07 14:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2012-02-06 22:05:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-06 21:21:10 ----SHD---- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-04 10:12:49 ----A---- C:\WINDOWS\system32\drivers\PortTalk.sys
2012-02-03 17:00:30 ----D---- C:\Program Files\officedepot_stk_sop
2012-02-03 14:19:07 ----A---- C:\TDSSKiller.2.6.19.0_03.02.2012_13.19.07_log.txt
2012-02-02 06:01:54 ----D---- C:\WINDOWS\ie8updates
2012-01-31 19:39:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-01-31 16:56:13 ----D---- C:\Documents and Settings\Gale\Application Data\supportdotcom
2012-01-31 16:56:00 ----D---- C:\Program Files\supportdotcom
2012-01-31 16:56:00 ----D---- C:\Program Files\Common Files\supportdotcom
2012-01-31 15:28:28 ----D---- C:\Documents and Settings\Gale\Application Data\QuickScan
2012-01-31 15:27:44 ----D---- C:\temp
2012-01-31 15:26:56 ----D---- C:\Program Files\Common Files\supportsoft
2012-01-25 15:00:46 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-01-25 15:00:42 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-01-24 17:20:31 ----D---- C:\Misc
2012-01-24 16:37:28 ----N---- C:\WINDOWS\system32\IJRMF.exe
2012-01-24 16:31:24 ----A---- C:\WINDOWS\TrueInstall.exe
2012-01-24 15:53:11 ----D---- C:\WINDOWS\system32\cache
2012-01-21 15:11:06 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-01-21 15:11:03 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-01-11 23:17:01 ----A---- C:\WINDOWS\system32\rp_stats.dat
2012-01-11 23:17:01 ----A---- C:\WINDOWS\system32\rp_rules.dat
2012-01-11 18:37:08 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2012-01-11 08:54:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-01-08 23:15:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-08 23:15:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2012-01-08 21:22:29 ----D---- C:\Program Files\MSN
2012-01-05 12:05:48 ----D---- C:\Program Files\AVG Secure Search
2012-01-05 12:03:01 ----D---- C:\Documents and Settings\Gale\Application Data\AVG2012
2012-01-05 12:01:42 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012
2012-01-05 11:49:52 ----D---- C:\Documents and Settings\Gale\Application Data\AVG Secure Search

======List of files/folders modified in the last 3 months======

2012-03-14 10:37:16 ----D---- C:\WINDOWS\temp
2012-03-14 10:37:15 ----D---- C:\WINDOWS\Prefetch
2012-03-14 10:37:06 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-14 09:48:55 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2012-03-14 09:48:52 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-03-14 09:37:26 ----D---- C:\WINDOWS\system32\NtmsData
2012-03-13 13:04:33 ----D---- C:\Program Files\Mozilla Firefox
2012-03-13 09:06:12 ----D---- C:\WINDOWS\ERDNT
2012-03-13 08:38:55 ----RD---- C:\Program Files
2012-03-13 08:37:23 ----D---- C:\WINDOWS\system32\drivers
2012-03-13 08:26:32 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-12 11:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-03-11 12:23:07 ----D---- C:\WINDOWS\system32
2012-03-11 08:59:03 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-03-11 08:57:29 ----D---- C:\WINDOWS
2012-03-10 23:43:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-03-10 23:43:46 ----HD---- C:\WINDOWS\inf
2012-03-10 19:29:39 ----RSD---- C:\WINDOWS\assembly
2012-03-10 19:24:57 ----D---- C:\WINDOWS\Microsoft.NET
2012-03-10 17:59:59 ----D---- C:\Program Files\Microsoft Silverlight
2012-03-10 16:53:05 ----SHD---- C:\WINDOWS\Installer
2012-03-10 16:53:00 ----D---- C:\Config.Msi
2012-03-10 16:52:10 ----D---- C:\WINDOWS\WinSxS
2012-03-10 16:41:18 ----D---- C:\Program Files\Internet Explorer
2012-03-10 16:39:34 ----D---- C:\WINDOWS\system32\CatRoot
2012-03-10 12:50:05 ----D---- C:\Program Files\Outlook Express
2012-03-10 11:12:45 ----D---- C:\WINDOWS\system32\en-us
2012-03-10 11:12:44 ----D---- C:\WINDOWS\Media
2012-03-10 11:12:44 ----D---- C:\WINDOWS\Help
2012-03-10 11:11:34 ----D---- C:\WINDOWS\system32\config
2012-03-10 11:10:58 ----D---- C:\WINDOWS\system32\wbem
2012-03-10 11:10:58 ----D---- C:\WINDOWS\Registration
2012-03-10 11:01:17 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-28 12:15:28 ----SD---- C:\WINDOWS\Tasks
2012-02-27 16:54:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-02-27 16:26:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-02-16 02:22:02 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-15 22:31:48 ----D---- C:\WINDOWS\Debug
2012-02-15 22:15:25 ----AC---- C:\WINDOWS\NeroDigital.ini
2012-02-07 16:10:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2012-02-07 16:10:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2012-02-07 16:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2012-02-07 16:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2012-02-07 16:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-02-07 16:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2012-02-07 16:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-02-07 16:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2012-02-07 16:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2012-02-07 16:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2012-02-07 16:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2012-02-07 16:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$
2012-02-07 16:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2012-02-07 16:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2012-02-07 16:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2012-02-07 16:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2012-02-07 16:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB891122$
2012-02-07 16:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB917159$
2012-02-07 16:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2012-02-07 16:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2012-02-07 16:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2012-02-07 16:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB925486$
2012-02-07 16:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2012-02-07 16:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB929969$
2012-02-07 16:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB931836$
2012-02-07 16:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB933360$
2012-02-07 16:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2012-02-07 16:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2012-02-07 16:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2012-02-07 16:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2012-02-07 16:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2012-02-07 16:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2012-02-07 16:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2012-02-07 16:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946627$
2012-02-07 16:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2012-02-07 16:09:39 ----DC---- C:\WINDOWS\$NtUninstallKB952011$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2012-02-07 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-02-07 16:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2012-02-07 16:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2012-02-07 16:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2012-02-07 16:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-02-07 16:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-02-07 16:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2012-02-07 16:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2012-02-07 16:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2012-02-07 16:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-02-07 16:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2012-02-07 16:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2012-02-07 16:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-02-07 16:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-02-07 16:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-02-07 16:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2012-02-07 16:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2012-02-07 16:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-02-07 16:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2012-02-07 16:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-02-07 16:09:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2012-02-06 22:06:40 ----D---- C:\WINDOWS\SoftwareDistribution
2012-02-03 17:05:28 ----D---- C:\Documents and Settings\All Users\Application Data\Support.com
2012-02-03 16:49:11 ----D---- C:\WINDOWS\security
2012-02-03 14:34:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-31 21:06:57 ----SHD---- C:\RECYCLER
2012-01-31 19:34:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-01-31 19:17:16 ----D---- C:\Documents and Settings
2012-01-31 16:56:00 ----D---- C:\Program Files\Common Files
2012-01-27 00:20:26 ----AC---- C:\WINDOWS\system32\MRT.exe
2012-01-24 16:32:27 ----D---- C:\Program Files\CyberLink DVD Solution
2012-01-24 16:10:10 ----RSD---- C:\WINDOWS\Fonts
2012-01-24 16:07:39 ----D---- C:\swsetup
2012-01-24 16:01:30 ----RASH---- C:\boot.ini
2012-01-24 16:01:30 ----AC---- C:\WINDOWS\win.ini
2012-01-24 16:01:30 ----AC---- C:\WINDOWS\system.ini
2012-01-24 16:01:28 ----D---- C:\WINDOWS\pss
2012-01-21 16:04:39 ----D---- C:\Program Files\Common Files\Adobe
2012-01-21 16:04:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-01-06 20:20:50 ----D---- C:\Program Files\Online Services
2012-01-05 12:00:08 ----D---- C:\Program Files\AVG
2012-01-05 11:11:27 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-01-05 11:02:18 ----D---- C:\Program Files\Blockbuster
2012-01-05 10:59:04 ----SD---- C:\Documents and Settings\Gale\Application Data\Microsoft
2012-01-05 10:51:21 ----D---- C:\Program Files\Shockwave.com
2011-12-18 15:46:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\wininet.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\urlmon.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\url.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\occache.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mstime.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mshtmled.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\msfeeds.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\licmgr10.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\jsproxy.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iertutil.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iepeers.dll
2011-12-17 14:46:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2011-12-16 07:23:08 ----A---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-05-18 74112]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-07-13 8413]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\Gale\LOCALS~1\Temp\catchme.sys []
S3 epstw2k;SCM Parallel Port SCSI Driver; C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2004-08-04 114944]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 scsiscan;SCSI Scanner Driver; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2008-04-13 11520]
S3 ssmirrdr;ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [2011-03-15 10112]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USR1801;U.S. Robotics Faxmodem Driver 1801; C:\WINDOWS\System32\DRIVERS\USR1801.SYS [2001-08-17 794654]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 Office Depot PC Support Agent;Office Depot PC Support Agent; C:\Program Files\Office Depot PC Support Agent\esService.exe [2011-11-10 924568]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-25 136176]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-17 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

When I downloaded the INTREGOPT - the registry thing - no logs came up.  It just wanted me to reboot my computer.

When I tried to download the Root Appeal, I get an error that says "invalid PE image found".

ANYTHING you can do to help would be very much appreciated.  TIA
