Computer running oddly, slowly and shutting off by itself

[Kimmie!]

I am working on a friend's computer.

This computer is

They stated that the computer would just shut off and doing weird stuff. The mom could not state what the weird stuff was except for shutting down.

I ran the malwarebytes and dds. Gmer did not run. It started three times but this is when the computer started acting up. It did completly shut off all three times while scanning with Gmer.

The notepad logs weird weird also because the font was Wingdings3. At first I thought it was doing it's weird thing but when I was able to select all text and change the font, it let me.

Here are the log files.
I have to upload this now without the logs. I am afraid it is going to shut down again. I will fill in the information about the computer and OS in a minute. Sorry

KimC

[Kimmie!]

The computer OS is Windows Vista Home Premium version. This is an HP computer.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3708
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

8/25/2010 10:21:59 PM
mbam-log-2010-08-25 (22-21-40).txt

Scan type: Quick Scan
Objects scanned: 105135
Time elapsed: 35 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9a5b84b4-fc31-41f3-8744-ee1599395bcd} (Password.Stealer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a5b84b4-fc31-41f3-8744-ee1599395bcd} (Password.Stealer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9a5b84b4-fc31-41f3-8744-ee1599395bcd} (Password.Stealer) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Kimmie!]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-25 22:52:38
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\main\AppData\Local\Temp\kwldypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbdcap.SYS
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 kbdcap.SYS

---- EOF - GMER 1.0.15 ----

[Kimmie!]

I will have to rerun this in tomorrow. It ran and generated the logs but Then the computer shut down..

I have to go to bed now. I am falling asleep while typing.

Thank you for reading this and helping me, while I am helping a find.

I appreciated all your time reading this problem...

[Kimmie!]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2007 6:25:06 AM
System Uptime: 8/25/2010 10:53:28 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Hematite-XL
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 1800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 248.011 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.996 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1010: 5/24/2010 9:50:33 PM - Windows Update
RP1011: 8/25/2010 10:01:09 PM - Windows Update

==== Installed Programs ======================

4shared Desktop
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto Macro Recorder V5.5 (Pro V5.2) Trial Version
avast! Internet Security
AviSynth 2.5
Bonjour
BufferChm
CCleaner
CustomerResearchQFolder
Deer Hunter 3 Gold
DeviceDiscovery
DeviceManagementQFolder
Dinosaur Battles(TM)
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fisher-Price Petshop
Free Audio CD Burner version 1.2
Free YouTube to iPod Converter version 3.2
Free YouTube to MP3 Converter version 3.2
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
ijji Auto Installer
iPhone_OS_3 Toolbar
iTunes
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
John Deere American Farmer TM v1.0
Kid Pix Deluxe 3
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe 1.4.142.1
LimeWire 5.5.8
Malwarebytes' Anti-Malware
Marine Sharpshooter
Marine Sharpshooter 3
Marine Sharpshooter II: Jungle Warfare
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
MySpaceIM
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 2.4
Pando Media Booster
PanoStandAlone
Pivot Stickfigure Animator
PrivacyControl
PSSWCORE
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roller Coaster Tycoon 2
Roxio Activation Module
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Sandlot Games Client Services
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Snapfish Media Detector
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
SwiftKit
Symantec Technical Support Web Controls
Tonka Garage
Tonka Raceway
Toolbox
TrayApp
Uninstall 1.0.0.1
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
URGE
Videora iPod touch Converter 5.04
VideoToolkit01
WebReg
Windows Live installer
Windows Media Player Firefox Plugin
WinRAR archiver
Xfire (remove only)
XPort 360
Yahoo! Toolbar
YouTube Downloader App 2.03
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

8/25/2010 8:19:22 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/25/2010 8:01:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6
8/25/2010 8:01:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2010 8:00:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/25/2010 8:00:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/25/2010 8:00:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/25/2010 8:00:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/25/2010 8:00:19 PM, Error: EventLog [6008] - The previous system shutdown at 10:02:05 PM on 6/1/2010 was unexpected.
8/25/2010 10:37:03 PM, Error: EventLog [6008] - The previous system shutdown at 10:35:12 PM on 8/25/2010 was unexpected.
8/25/2010 10:33:12 PM, Error: EventLog [6008] - The previous system shutdown at 10:31:08 PM on 8/25/2010 was unexpected.

==== End Of File ===========================

[Kimmie!]

DDS (Ver_10-03-17.01) - NTFSx86
Run by main at 23:07:16.40 on Wed 08/25/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.894.129 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\main\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPh0.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPh0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1C3C4699-B285-475F-BE47-0B26088CE876} - No File
BHO: {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - No File
BHO: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPh0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: iPhone OS 3 Toolbar: {74714d77-1695-4e73-a98e-25cb374f46b4} - c:\program files\iphone_os_3\tbiPh0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; Zune 3.0; .NET CLR 1.1.4322)" -"http://www.miniclip.com/games/go-karts/en/"
mRun: [Yahoo Messenger]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\main\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
uPolicies-explorer: HideClock = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
STS: {e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\main\appdata\roaming\mozilla\firefox\profiles\4rn2m3im.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-5-5 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-5-5 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-5-5 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-5-5 307280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-29 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-29 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-29 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-5-5 119200]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 40384]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-1-2 109440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-08-26 02:34:30 93056 ----a-w- C:\kwldypog.sys

==================== Find3M ====================

2010-05-05 13:43:24 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-05 13:43:24 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-05 13:43:23 86016 ----a-w- c:\windows\inf\infstor.dat
2008-10-01 12:57:35 174 --sha-w- c:\program files\desktop.ini
2008-10-01 12:28:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-26 20:55:58 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-26 20:55:58 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-26 20:55:58 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-05-06 21:27:34 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-25 01:38:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2010-05-25 01:38:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-25 01:38:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-02-10 21:21:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-08 21:36:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\internet explorer\domstore\index.dat
2010-01-20 16:19:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011120100118\index.dat
2010-01-30 22:26:04 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010011820100125\index.dat
2010-02-01 11:53:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010012520100201\index.dat
2010-02-01 14:24:47 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010020120100202\index.dat
2010-03-18 10:57:55 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 23:10:22.21 ===============

[Broni]

Your MBAM log says "No action taken" after each line.
Please, re-run it, fix all issues and post new log.

=================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

[Kimmie!]

This is the new log this morning. I did notice the the first log stated "no action taken". I thought that was odd since it found 3 infected files and I did remove them.

Thanks
PS. Troy is helping again. He works at a call center and likes working on computers. This is a valuable lesson for him.


Malwarebytes' Anti-Malware 1.44
Database version: 3708
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

8/26/2010 7:04:23 AM
mbam-log-2010-08-26 (07-04-23).txt

Scan type: Quick Scan
Objects scanned: 104692
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected

[Broni]

MBAM log is incomplete.
Please, repost.