
#1
Kwidda

Hello,
I have a Sony Vaio FW series laptop computer running Windows Vista Home Premium 64-bit. I'm having major issues with it.
Just recently I've downloaded only two programs on my computer: AVG 9.0 Free and MSN Messenger. If I'm online or running another program, it will lag and then freeze, and when it freezes or doesn't respond it won't exit out of it. When it does this, it affects all the programs that are running, including the Start toolbar, preventing me from shutting down the normal way and forcing me to hold down the power button. This has been progressing for about a week, and I didn't think much of it until it started doing this constantly. There are also times when I turn the laptop on and it just stops and hangs at the loading screen, or at times I get a message wanting to perform a disk check, but the disk check doesn't seem to do any good. I also just recently had a virus by the name of Vista Anti virus 2010, but I got rid of it by restoring my computer, and that's when I found out Windows had turned off my antivirus for some reason. Anyway, that was the last time I restored my computer, but now I don't have any restore points. I'm having major issues here, and the only way I can be on a program without the hanging and freezing is if I'm running in Safe Mode with Networking. I think that the problem could be that there is still some virus/malware stuff left on my computer. I hope someone here can help me, because calling Microsoft did nothing to resolve the problem. Thank you in advance!

Edit:
I did everything in the Malware and Spyware Cleaning Guide and that hasn't changed anything, so I'm hoping maybe the logs will show some information that can help me fix this issue.
Below I have 3 logs: OTL, GMER, and MBAM. I hope that will help also.

OTL LOG
OTL logfile created on: 4/18/2010 11:40:10 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Krista\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.97 Gb Total Space | 157.70 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTA-PC
Current User Name: Krista
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/18 23:33:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Krista\Downloads\OTL.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Users\Krista\AppData\Local\Temp\gmer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/18 23:33:48 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Krista\Downloads\OTL.exe
MOD - [2009/04/11 00:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/09/24 19:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/04/11 01:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/09/29 16:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2008/08/06 19:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/06/12 00:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2008/06/12 00:10:46 | 000,107,808 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2008/04/30 21:20:42 | 001,371,136 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 20:42:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/27 18:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/20 22:34:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 22:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/24 13:13:36 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/28 18:45:42 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/15 06:17:50 | 000,139,808 | ---- | M] (Realtek Semiconductor) [Auto | Stopped] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/20 09:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 09:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/05/22 15:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 15:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 20:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 20:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 20:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 02:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 02:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 02:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 07:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople_f08
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rsu.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://rsu.edu/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/11 09:54:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/16 23:21:20 | 000,000,000 | ---D | M]

[2009/04/27 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Mozilla\Extensions
[2009/02/09 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/18 09:12:27 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Mozilla\Firefox\Profiles\b4fj1ywh.default\extensions
[2009/10/23 11:34:35 | 000,000,000 | ---D | M] (Vivox Voice Plugin) -- C:\Users\Krista\AppData\Roaming\Mozilla\Firefox\Profiles\b4fj1ywh.default\extensions\{ABAD4342-3FDA-4ccf-80AC-B6D0EECACA07}
[2010/03/31 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Mozilla\Firefox\Profiles\b4fj1ywh.default\extensions\[email protected]
[2009/05/06 18:51:54 | 000,000,653 | ---- | M] () -- C:\Users\Krista\AppData\Roaming\Mozilla\Firefox\Profiles\b4fj1ywh.default\searchplugins\yahoo-search.xml
[2009/05/18 03:12:05 | 000,000,872 | ---- | M] () -- C:\Users\Krista\AppData\Roaming\Mozilla\Firefox\Profiles\b4fj1ywh.default\searchplugins\yahoo.gif
[2009/05/18 03:12:05 | 000,000,464 | ---- | M] () -- C:\Users\Krista\AppData\Roaming\Mozilla\Firefox\Profiles\b4fj1ywh.default\searchplugins\yahoo.src
[2009/05/18 03:11:53 | 000,001,765 | ---- | M] () -- C:\Users\Krista\AppData\Roaming\Mozilla\Firefox\Profiles\b4fj1ywh.default\searchplugins\yahoo.xml
[2010/04/16 22:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b5112d17-19f4-11df-a72d-00214f4a0473}\Shell - "" = AutoRun
O33 - MountPoints2\{b5112d17-19f4-11df-a72d-00214f4a0473}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 21:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 21:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/18 23:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CAM Development
[2010/04/18 22:59:06 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2010/04/18 22:46:01 | 000,290,088 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Touch_Tablet.dll
[2010/04/18 22:46:01 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Touch_Tablet.dll
[2010/04/18 22:46:01 | 000,000,000 | ---D | C] -- C:\Users\Krista\AppData\Roaming\WTouch
[2010/04/18 22:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/04/18 22:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2010/04/18 19:55:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/18 19:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/04/17 12:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/17 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/17 11:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
[2010/04/17 10:40:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/17 10:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2010/04/14 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\Krista\Tracing
[2010/04/14 19:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/04/14 19:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/04/14 19:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/04/14 19:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/04/14 19:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/04/10 18:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/10 17:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/10 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/10 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/04/10 14:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/04/10 14:49:01 | 000,000,000 | ---D | C] -- C:\Users\Krista\AppData\Roaming\PC Tools
[2010/04/10 14:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/10 14:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/04/10 14:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[1 C:\Users\Krista\Documents\*.tmp files -> C:\Users\Krista\Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/18 23:37:21 | 002,621,440 | -HS- | M] () -- C:\Users\Krista\ntuser.dat
[2010/04/18 23:36:25 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2010/04/18 23:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/18 23:01:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/18 23:01:04 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 23:01:04 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 22:59:54 | 000,524,288 | -HS- | M] () -- C:\Users\Krista\ntuser.dat{18e62e5c-4459-11df-96ab-00214f4a0473}.TMContainer00000000000000000001.regtrans-ms
[2010/04/18 22:59:54 | 000,065,536 | -HS- | M] () -- C:\Users\Krista\ntuser.dat{18e62e5c-4459-11df-96ab-00214f4a0473}.TM.blf
[2010/04/18 22:43:16 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/18 22:43:16 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/18 22:43:16 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/18 20:08:59 | 000,000,000 | ---- | M] () -- C:\Users\Krista\AppData\Local\prvlcl.dat
[2010/04/18 19:54:33 | 000,000,769 | ---- | M] () -- C:\Users\Krista\.thumbnails\Desktop\NTREGOPT.lnk
[2010/04/18 19:54:33 | 000,000,750 | ---- | M] () -- C:\Users\Krista\.thumbnails\Desktop\ERUNT.lnk
[2010/04/18 17:38:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/18 12:17:35 | 642,432,505 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/17 12:58:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/04/17 00:17:05 | 000,000,732 | ---- | M] () -- C:\Users\Krista\AppData\Local\d3d9caps64.dat
[2010/04/16 23:21:21 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/16 20:54:44 | 000,000,680 | ---- | M] () -- C:\Users\Krista\AppData\Local\d3d9caps.dat
[2010/04/16 07:04:54 | 000,063,098 | ---- | M] () -- C:\Users\Krista\Documents\Texting While Driving.pptm
[2010/04/14 19:54:48 | 000,002,015 | ---- | M] () -- C:\Users\Krista\.thumbnails\Desktop\Windows Live Messenger .lnk
[2010/04/13 22:22:53 | 000,027,136 | ---- | M] () -- C:\Users\Krista\Documents\Rhetorical Precis.dot
[2010/04/10 17:33:08 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/10 17:31:38 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/10 17:04:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/10 16:57:02 | 000,524,288 | -HS- | M] () -- C:\Users\Krista\ntuser.dat{18e62e5c-4459-11df-96ab-00214f4a0473}.TMContainer00000000000000000002.regtrans-ms
[2010/04/10 16:34:32 | 000,524,288 | -HS- | M] () -- C:\Users\Krista\ntuser.dat{c94fad5a-23fd-11df-8eeb-00214f4a0473}.TMContainer00000000000000000001.regtrans-ms
[2010/04/10 16:34:32 | 000,065,536 | -HS- | M] () -- C:\Users\Krista\ntuser.dat{c94fad5a-23fd-11df-8eeb-00214f4a0473}.TM.blf
[2010/04/10 16:23:47 | 000,012,038 | -HS- | M] () -- C:\Users\Krista\AppData\Local\Xe8v
[2010/04/10 16:23:47 | 000,012,038 | -HS- | M] () -- C:\ProgramData\Xe8v
[2010/04/05 02:07:31 | 000,026,624 | ---- | M] () -- C:\Users\Krista\Documents\Puppy Mill Works Cited.doc
[1 C:\Users\Krista\Documents\*.tmp files -> C:\Users\Krista\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/18 23:36:25 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\CAM UnZip.lnk
[2010/04/18 19:54:33 | 000,000,769 | ---- | C] () -- C:\Users\Krista\.thumbnails\Desktop\NTREGOPT.lnk
[2010/04/18 19:54:33 | 000,000,750 | ---- | C] () -- C:\Users\Krista\.thumbnails\Desktop\ERUNT.lnk
[2010/04/17 12:58:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/04/17 12:57:52 | 000,440,942 | ---- | C] () -- C:\Users\Krista\AppData\Local\dd_vcredistMSI5417.txt
[2010/04/17 12:57:52 | 000,011,618 | ---- | C] () -- C:\Users\Krista\AppData\Local\dd_vcredistUI5417.txt
[2010/04/17 00:17:05 | 000,000,732 | ---- | C] () -- C:\Users\Krista\AppData\Local\d3d9caps64.dat
[2010/04/16 20:54:44 | 000,000,680 | ---- | C] () -- C:\Users\Krista\AppData\Local\d3d9caps.dat
[2010/04/16 06:09:10 | 000,063,098 | ---- | C] () -- C:\Users\Krista\Documents\Texting While Driving.pptm
[2010/04/14 19:54:48 | 000,002,015 | ---- | C] () -- C:\Users\Krista\.thumbnails\Desktop\Windows Live Messenger .lnk
[2010/04/13 22:22:52 | 000,027,136 | ---- | C] () -- C:\Users\Krista\Documents\Rhetorical Precis.dot
[2010/04/12 22:59:27 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/10 17:33:08 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/10 17:31:38 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/10 17:04:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/10 16:43:01 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{18e62e5c-4459-11df-96ab-00214f4a0473}.TMContainer00000000000000000002.regtrans-ms
[2010/04/10 16:43:00 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{18e62e5c-4459-11df-96ab-00214f4a0473}.TMContainer00000000000000000001.regtrans-ms
[2010/04/10 16:43:00 | 000,065,536 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{18e62e5c-4459-11df-96ab-00214f4a0473}.TM.blf
[2010/04/10 14:49:03 | 000,438,778 | ---- | C] () -- C:\Users\Krista\AppData\Local\dd_vcredistMSI063E.txt
[2010/04/10 14:49:03 | 000,014,130 | ---- | C] () -- C:\Users\Krista\AppData\Local\dd_vcredistUI0641.txt
[2010/04/10 14:49:02 | 000,014,958 | ---- | C] () -- C:\Users\Krista\AppData\Local\dd_vcredistUI063E.txt
[2010/04/10 14:22:58 | 000,012,038 | -HS- | C] () -- C:\Users\Krista\AppData\Local\Xe8v
[2010/04/10 14:22:58 | 000,012,038 | -HS- | C] () -- C:\ProgramData\Xe8v
[2010/04/05 02:07:30 | 000,026,624 | ---- | C] () -- C:\Users\Krista\Documents\Puppy Mill Works Cited.doc
[2010/02/28 16:29:43 | 000,009,126 | -HS- | C] () -- C:\Users\Krista\AppData\Local\RYWytq56AV
[2010/02/27 18:34:04 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{c94fad5a-23fd-11df-8eeb-00214f4a0473}.TMContainer00000000000000000002.regtrans-ms
[2010/02/27 18:34:04 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{c94fad5a-23fd-11df-8eeb-00214f4a0473}.TMContainer00000000000000000001.regtrans-ms
[2010/02/27 18:34:04 | 000,065,536 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{c94fad5a-23fd-11df-8eeb-00214f4a0473}.TM.blf
[2010/02/27 14:15:19 | 000,009,890 | -HS- | C] () -- C:\Users\Krista\AppData\Local\MVkXhU7
[2010/02/26 12:48:19 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{370f1acc-226d-11df-862f-00214f4a0473}.TMContainer00000000000000000002.regtrans-ms
[2010/02/26 12:48:19 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{370f1acc-226d-11df-862f-00214f4a0473}.TMContainer00000000000000000001.regtrans-ms
[2010/02/26 12:48:19 | 000,065,536 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{370f1acc-226d-11df-862f-00214f4a0473}.TM.blf
[2010/02/25 10:58:00 | 000,012,780 | -HS- | C] () -- C:\Users\Krista\AppData\Local\RHpCMfQD4
[2009/10/30 00:15:51 | 000,000,000 | ---- | C] () -- C:\Users\Krista\AppData\Local\prvlcl.dat
[2009/09/18 06:52:52 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/18 06:51:02 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/30 20:56:12 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/06/30 20:56:12 | 000,000,088 | RHS- | C] () -- C:\ProgramData\CB1CA7F824.sys
[2009/04/11 23:08:51 | 000,001,160 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/04/11 23:08:51 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\6478251854.sys
[2009/03/30 22:57:54 | 000,016,526 | ---- | C] () -- C:\Users\Krista\.recently-used.xbel
[2009/03/29 23:35:34 | 000,108,251 | ---- | C] () -- C:\Users\Krista\dcreaver.exe
[2009/03/26 16:30:35 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{a11c73da-1a55-11de-9d7d-00214f4a0473}.TMContainer00000000000000000002.regtrans-ms
[2009/03/26 16:30:35 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{a11c73da-1a55-11de-9d7d-00214f4a0473}.TMContainer00000000000000000001.regtrans-ms
[2009/03/26 16:30:35 | 000,065,536 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{a11c73da-1a55-11de-9d7d-00214f4a0473}.TM.blf
[2009/03/17 21:04:52 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{663be3cc-1369-11de-9c37-00214f4a0473}.TMContainer00000000000000000002.regtrans-ms
[2009/03/17 21:04:52 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{663be3cc-1369-11de-9c37-00214f4a0473}.TMContainer00000000000000000001.regtrans-ms
[2009/03/17 21:04:52 | 000,065,536 | -HS- | C] () -- C:\Users\Krista\ntuser.dat{663be3cc-1369-11de-9c37-00214f4a0473}.TM.blf
[2009/02/16 00:17:34 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/12/20 21:08:13 | 000,027,070 | ---- | C] () -- C:\Users\Krista\AppData\Roaming\UserTile.png
[2008/12/20 20:40:15 | 000,032,768 | ---- | C] () -- C:\Users\Krista\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/20 19:52:30 | 000,000,630 | ---- | C] () -- C:\Users\Krista\AppData\Roaming\wklnhst.dat
[2008/12/20 18:56:24 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2008/12/20 18:56:24 | 000,524,288 | -HS- | C] () -- C:\Users\Krista\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2008/12/20 18:56:24 | 000,262,144 | -H-- | C] () -- C:\Users\Krista\ntuser.dat.LOG1
[2008/12/20 18:56:24 | 000,065,536 | -HS- | C] () -- C:\Users\Krista\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2008/12/20 18:56:24 | 000,000,020 | -HS- | C] () -- C:\Users\Krista\ntuser.ini
[2008/12/20 18:56:24 | 000,000,000 | -H-- | C] () -- C:\Users\Krista\ntuser.dat.LOG2
[2008/12/20 18:56:22 | 002,621,440 | -HS- | C] () -- C:\Users\Krista\ntuser.dat
[2008/09/02 08:41:45 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2008/12/27 22:20:04 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\acccore
[2009/03/03 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Auslogics
[2010/03/04 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\AVG9
[2010/02/18 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\BitZipper
[2009/03/30 22:57:54 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\gtk-2.0
[2008/12/21 20:34:17 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\InterVideo
[2009/02/21 12:54:34 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\iPhoneRingToneMaker
[2009/03/26 18:29:05 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\IrfanView
[2009/06/15 22:53:16 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\LimeWire
[2009/03/31 19:22:45 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Opera
[2009/04/04 20:49:08 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Printer Info Cache
[2009/01/19 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\SoundSpectrum
[2009/08/29 23:06:29 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\SYSTEMAX Software Development
[2009/03/03 20:37:17 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Template
[2010/04/17 14:03:56 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\uTorrent
[2009/10/30 15:48:35 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Vivox
[2009/04/04 23:36:13 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Wal-Mart
[2009/04/04 23:34:14 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Wal-Mart Digital Photo Manager
[2009/04/04 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\Wal-Mart Digital Photo Viewer
[2009/04/11 22:37:47 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\WildTangent
[2010/04/18 22:46:19 | 000,000,000 | ---D | M] -- C:\Users\Krista\AppData\Roaming\WTouch
[2010/04/18 17:38:41 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 01:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/04/29 18:03:13 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 01:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 20:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) MD5=2C040B7ADA5B06F6FACADAC8514AA034 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 01:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >




GMER LOG
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 11:50:46
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3dea74cc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3dea7631
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f4a0473
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f517176
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3dea74cc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3dea7631 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f4a0473 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00214f517176 (not active ControlSet)

---- EOF - GMER 1.0.15 ----



MBAM LOG
Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18904

4/19/2010 11:36:20 AM
mbam-log-2010-04-19 (11-36-20).txt

Scan type: Quick Scan
Objects scanned: 96993
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Kwidda, 19 April 2010 - 10:59 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
There's not much we can do with 64-bit systems. Most of our tools don't work on them.

Your logs don't show anything obvious; however, since you say that it runs OK in Safe Mode, you may be able to isolate the problem.

Windows logo (old Start), Programs, Accessories, then right click on Command Prompt and Run as Administrator.

Type:

msconfig

Then hit Enter. Uncheck all of the Startup items then go to Services and check Hide Microsoft Services then uncheck all that remain. OK and reboot. Cancel the msconfig when it comes up. If you can still operate without the problem then go back into msconfig and turn on (check) half of what you turned off. After you reboot if the problem comes back then it was in the group you just checked so uncheck about half of them and OK and reboot. Keep going that way until you find the culprit.

Another possibility is to run Process Explorer.

http://technet.micro...s/bb896653.aspx

It will show how much of the CPU is being used by the different programs and can show you the details of the many svchost.exe programs.

If you keep it up while doing other things you might be able to see what is hogging the CPU.

Sometimes the event logs will also give clues. From the command prompt type:

eventvwr.msc

then Windows Logs and look in Applications and in System for red marked errors about the time of the last hang. You can Copy Details as Text and paste them into a reply.

One of the on-line scans might find something.

ESET
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish

BitDefender

http://www.bitdefend...nline/free.html

If Windows blocks the ActiveX then try putting Bitdefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.




Ron

Edited by RKinner, 23 April 2010 - 09:50 PM.
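
The event log check described in the reply above, done from PowerShell instead of the Event Viewer GUI (an added example, not part of RKinner's post). It collects the red-marked (Critical and Error) entries from the System and Application logs around the time of a hang and saves them as text for pasting into a reply. The hang time, window size and output path are placeholder assumptions, and Get-WinEvent requires PowerShell 2.0 or later.

```powershell
# Added example: gather Critical/Error events around a hang for posting in a reply.
# $HangTime, $WindowMinutes and $OutFile are assumptions; set them for the last freeze.
param(
    [datetime]$HangTime = (Get-Date).AddHours(-1),
    [int]$WindowMinutes = 15,
    [string]$OutFile = "$env:USERPROFILE\Desktop\hang-events.txt"
)

$start = $HangTime.AddMinutes(-$WindowMinutes)
$end   = $HangTime.AddMinutes($WindowMinutes)

# Level 1 = Critical, 2 = Error: the entries Event Viewer marks in red.
$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2
    StartTime = $start
    EndTime   = $end
}

# Get-WinEvent reports an error when nothing matches; suppress it and
# treat that case as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated)

# Event ID 6008 (source EventLog) is written on the boot that follows an
# unclean shutdown, such as holding the power button after a freeze.
# Its timestamps help confirm which window to look at.
$unclean = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 6008 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue)

"Errors between $start and $end : $($events.Count)" | Out-File -FilePath $OutFile
$events |
    Format-List TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message |
    Out-File -FilePath $OutFile -Append -Width 200

"Recent unexpected-shutdown records (ID 6008): $($unclean.Count)" |
    Out-File -FilePath $OutFile -Append
$unclean |
    Format-List TimeCreated, Message |
    Out-File -FilePath $OutFile -Append -Width 200

Write-Host "Saved $($events.Count) error event(s) to $OutFile"
```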
