System Freezing and occasionally turns off.

#1 Kimmer62

I don't know if this is a malware issue or a software/hardware issue. My Gateway PC keeps freezing and turning itself off, both when I am online and when I am offline. I have been unable to do the GMER rootkit scan because it keeps freezing. Sometimes when I turn on the computer it starts to beep and continues to beep until I turn it off. The on button stays lit but the system never comes on. I don't know if this is a problem with my computer or if there is a virus or something else. I have replaced the power cord and tried a different surge protector, which seemed to fix the problem for about 24 hours. But then it happened again.

When I turn on the computer after it is off I usually get prompted to start in a variety of modes. Last time when I chose to start in normal I ended up in a loop trying to start it with the message:

Windows\system32\ntkrn\pa.exe
status: oxc0000221
info: Windows failed to load because the kernel is missing or corrupt

I have MBAM and the OTL log but not the GMER, and have posted them in this message.

When I went to find out what kind of computer it is, the system says it's a Dell, but it is a Gateway. My son said he restored Vista a year ago and probably used a Dell Vista CD. According to Gateway we have a Gateway GM5472 Desktop Computer with an AMD Athlon 64 X2 5000+ Processor. I hope someone can help.

Thanks,

Kim

MBAM -

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4163

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/2/2010 11:15:40 AM
mbam-log-2010-06-02 (11-15-40).txt

Scan type: Quick scan
Objects scanned: 124918
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**********
OTL -
OTL logfile created on: 6/2/2010 11:37:07 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Jimmy Erskine\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 2500 2800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.94 Gb Total Space | 399.44 Gb Free Space | 87.61% Space Free | Partition Type: NTFS
Drive D: | 9.82 Gb Total Space | 4.42 Gb Free Space | 45.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIMMYERSKINE-PC
Current User Name: Jimmy Erskine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 11:32:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy Erskine\Downloads\OTL.exe
PRC - [2010/06/02 11:31:59 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2010/06/02 11:31:59 | 000,062,760 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2010/05/26 11:03:40 | 002,346,192 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\AWC.exe
PRC - [2010/04/02 21:49:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/03/15 06:15:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/23 15:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2005/03/08 21:13:56 | 001,695,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 11:32:46 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy Erskine\Downloads\OTL.exe
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 22:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/22 14:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/09/23 17:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/05/02 12:40:34 | 000,398,704 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast) SupportSoft Repair Service (providercomcast)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/11/26 13:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/11/20 15:19:06 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/06/20 00:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/31 21:00:00 | 000,251,264 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0500Vid.sys -- (V0500Dev)
DRV - [2007/08/15 23:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/23 18:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/08 23:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\Windows\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:40 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\Windows\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cinemsup.sys -- (Cinemsup)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..extensions.enabledItems: {9d396f50-1c72-11de-8c30-0800200c9a66}:1.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20100529
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 21:49:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 21:49:37 | 000,000,000 | ---D | M]

[2009/05/27 16:40:25 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\Mozilla\Extensions
[2010/06/01 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions
[2010/04/29 17:43:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/24 18:06:32 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[2010/05/17 21:12:30 | 000,000,000 | ---D | M] (Bauhaus_Pure) -- C:\Users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{9d396f50-1c72-11de-8c30-0800200c9a66}
[2009/11/01 09:14:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/30 16:21:08 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\[email protected]
[2010/05/01 11:19:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - Startup: C:\Users\Jimmy Erskine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jimmy Erskine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jimmy Erskine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 05:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\##PARENTS-ROOM#My Book (J)\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\{381e53fe-001c-11df-ad78-001bb95c2171}\Shell - "" = AutoRun
O33 - MountPoints2\{381e53fe-001c-11df-ad78-001bb95c2171}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\{907c73f2-8432-11de-9f37-001bb95c2171}\Shell - "" = AutoRun
O33 - MountPoints2\{907c73f2-8432-11de-9f37-001bb95c2171}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9c72ada5-5bdf-11df-adcb-001bb95c2171}\Shell - "" = AutoRun
O33 - MountPoints2\{9c72ada5-5bdf-11df-adcb-001bb95c2171}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/02 11:11:11 | 000,000,000 | ---D | C] -- C:\Users\Jimmy Erskine\AppData\Roaming\Malwarebytes
[2010/06/02 11:11:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/02 11:11:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/02 11:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/02 11:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/02 11:08:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/02 11:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/13 00:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/04/25 21:52:15 | 000,000,000 | ---D | C] -- C:\Users\Jimmy Erskine\Documents\Drew
[2010/03/23 21:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/03/20 08:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/20 08:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/20 08:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/08 17:08:26 | 000,000,000 | ---D | C] -- C:\Users\Jimmy Erskine\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

========== Files - Modified Within 90 Days ==========

[2010/06/02 11:36:18 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/02 11:36:18 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/02 11:36:18 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/02 11:36:04 | 003,932,160 | -HS- | M] () -- C:\Users\Jimmy Erskine\NTUSER.DAT
[2010/06/02 11:32:01 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 11:32:01 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 11:31:58 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/02 11:31:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/02 11:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/02 11:31:49 | 2009,612,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/02 11:11:08 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/02 11:08:32 | 000,000,733 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\NTREGOPT.lnk
[2010/06/02 11:08:32 | 000,000,714 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\ERUNT.lnk
[2010/06/02 11:08:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2388197091-3110065304-4084445149-1000UA.job
[2010/06/02 11:05:31 | 000,524,288 | -HS- | M] () -- C:\Users\Jimmy Erskine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/02 11:05:31 | 000,065,536 | -HS- | M] () -- C:\Users\Jimmy Erskine\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/01 15:04:28 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/06/01 11:54:30 | 000,013,431 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\NY labor appeal page 4.docx
[2010/06/01 02:08:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2388197091-3110065304-4084445149-1000Core.job
[2010/05/29 18:40:11 | 002,299,808 | -H-- | M] () -- C:\Users\Jimmy Erskine\AppData\Local\IconCache.db
[2010/05/27 11:36:45 | 000,019,386 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Jim Erskine - Work resume 2010.docx
[2010/05/26 13:07:23 | 000,077,312 | ---- | M] () -- C:\Users\Jimmy Erskine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 20:41:37 | 000,012,025 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Tide pool Project2.docx
[2010/05/13 00:51:24 | 000,000,752 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\Audacity.lnk
[2010/05/12 22:37:25 | 000,011,827 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Tide pool Project.docx
[2010/05/12 21:48:13 | 000,015,436 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\faq tide pools.docx
[2010/05/12 13:38:27 | 000,001,344 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\Kim site info.lnk
[2010/05/10 00:04:29 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag.lnk
[2010/05/03 23:27:50 | 000,010,191 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\Southwest Rapid Rewards numbers.docx
[2010/05/03 22:20:33 | 000,309,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/25 21:53:12 | 000,010,413 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\temp.docx
[2010/04/25 17:12:42 | 000,002,627 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\Microsoft Office Word 2007.lnk
[2010/04/24 15:25:35 | 000,002,585 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\Microsoft Office Excel 2007.lnk
[2010/04/22 19:49:58 | 000,014,953 | ---- | M] () -- C:\Users\Jimmy Erskine\Desktop\coldplay_xy_album_front.gif
[2010/04/14 20:49:01 | 000,012,968 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Protist Lab.docx
[2010/04/13 19:35:11 | 000,010,530 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\black magic woman.docx
[2010/03/30 18:22:01 | 000,014,723 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Bacteria Microviewers lab.docx
[2010/03/21 19:16:37 | 000,011,230 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Chapter 1 us history.docx
[2010/03/20 08:34:02 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/20 08:31:57 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/15 20:18:30 | 000,012,801 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Scoring During Play.docx
[2010/03/15 20:18:24 | 000,012,521 | ---- | M] () -- C:\Users\Jimmy Erskine\Documents\Scoring During The Game Of Cribbage.docx

========== Files Created - No Company Name ==========

[2010/06/02 11:11:08 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/02 11:08:32 | 000,000,733 | ---- | C] () -- C:\Users\Jimmy Erskine\Desktop\NTREGOPT.lnk
[2010/06/02 11:08:32 | 000,000,714 | ---- | C] () -- C:\Users\Jimmy Erskine\Desktop\ERUNT.lnk
[2010/06/01 11:54:30 | 000,013,431 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\NY labor appeal page 4.docx
[2010/05/27 11:36:45 | 000,019,386 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Jim Erskine - Work resume 2010.docx
[2010/05/13 00:51:24 | 000,000,752 | ---- | C] () -- C:\Users\Jimmy Erskine\Desktop\Audacity.lnk
[2010/05/12 22:39:01 | 000,012,025 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Tide pool Project2.docx
[2010/05/12 21:48:13 | 000,015,436 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\faq tide pools.docx
[2010/05/12 19:59:38 | 000,011,827 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Tide pool Project.docx
[2010/05/12 13:37:44 | 000,001,344 | ---- | C] () -- C:\Users\Jimmy Erskine\Desktop\Kim site info.lnk
[2010/05/10 00:04:55 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2010/05/10 00:04:29 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag.lnk
[2010/04/25 21:53:11 | 000,010,413 | ---- | C] () -- C:\Users\Jimmy Erskine\Desktop\temp.docx
[2010/04/22 19:49:56 | 000,014,953 | ---- | C] () -- C:\Users\Jimmy Erskine\Desktop\coldplay_xy_album_front.gif
[2010/04/14 20:49:01 | 000,012,968 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Protist Lab.docx
[2010/04/13 19:35:10 | 000,010,530 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\black magic woman.docx
[2010/03/30 18:22:00 | 000,014,723 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Bacteria Microviewers lab.docx
[2010/03/21 19:15:43 | 000,011,230 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Chapter 1 us history.docx
[2010/03/20 08:34:02 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/20 08:31:57 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/15 20:18:30 | 000,012,801 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Scoring During Play.docx
[2010/03/15 20:18:22 | 000,012,521 | ---- | C] () -- C:\Users\Jimmy Erskine\Documents\Scoring During The Game Of Cribbage.docx
[2009/06/28 21:10:14 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/06/28 21:05:51 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/08 08:54:26 | 000,000,890 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2005/02/28 15:17:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\Windows\System32\CinemSup.sys

========== LOP Check ==========

[2009/05/27 16:52:13 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\acccore
[2009/06/28 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\Canon
[2010/03/08 17:08:26 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/10 00:04:28 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\IObit
[2009/07/04 10:38:17 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\IrfanView
[2009/11/08 18:08:47 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\Octoshape
[2009/12/24 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\ooVoo Details
[2009/06/18 23:27:53 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\RFB&&D Download Manager
[2009/06/28 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\ScanSoft
[2010/05/09 23:59:50 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\uTorrent
[2009/12/27 01:11:00 | 000,000,000 | ---D | M] -- C:\Users\Jimmy Erskine\AppData\Roaming\WinFF
[2010/06/02 11:31:58 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/06/02 11:05:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/01 15:04:28 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/12/13 03:03:38 | 000,377,151 | RHS- | M] () -- C:\bootmgr
[2009/05/27 03:20:11 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/02 11:31:49 | 2009,612,288 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/27 16:34:33 | 000,000,694 | -H-- | M] () -- C:\IPH.PH
[2010/06/02 11:31:48 | 2621,440,000 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 22:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 22:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/08/11 23:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< End of report >



*********************
Otl - extra
OTL Extras logfile created on: 6/2/2010 11:37:07 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Jimmy Erskine\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 2500 2800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.94 Gb Total Space | 399.44 Gb Free Space | 87.61% Space Free | Partition Type: NTFS
Drive D: | 9.82 Gb Total Space | 4.42 Gb Free Space | 45.00% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIMMYERSKINE-PC
Current User Name: Jimmy Erskine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DFADACA-530C-44BA-B464-80B64EA1ED6A}" = lport=37677 | protocol=17 | dir=in | name=oovoo udp port 37677 |
"{16E2191C-6B4B-4A09-8AF8-5CCE592B6CED}" = rport=139 | protocol=6 | dir=out | app=system |
"{28189799-B52D-4351-9865-0C552BC78EE7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3B6035DF-281E-4C21-816D-2E5A1CDA0664}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{585F0409-4088-4943-8122-8AC3F1B2029D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67A88C8D-B7D7-4BAE-B488-F38E4106803E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6CE779AF-9A14-449B-A314-CF6B16E9FA7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80543838-BBD2-4E4E-89EC-CEFBC9CD954E}" = lport=37676 | protocol=6 | dir=in | name=oovoo tcp port 37676 |
"{8758CAEB-6E51-4960-89A9-E60B8A1B2580}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{8C89FFB4-F424-468A-BFE9-B8167C509AA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8CD19D52-BBEA-4E6B-955D-DB6D158B586F}" = rport=137 | protocol=17 | dir=out | app=system |
"{8DD85C43-265A-4948-A8E3-AE7153B78FA8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8F520966-BB20-4C9E-A8FE-F3696FAF67AE}" = rport=138 | protocol=17 | dir=out | app=system |
"{B66C35B3-0B4B-4DF8-8AA3-79B319CA8BF0}" = lport=139 | protocol=6 | dir=in | app=system |
"{C5DE346E-E3D6-4F2D-8ED0-176BE364A3CB}" = rport=445 | protocol=6 | dir=out | app=system |
"{C6BE987F-BB0A-4433-BAA0-9E60AFF752FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEFDAD79-235C-4428-9454-E5609D50B8AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{D434F184-E73F-4764-8D1B-04B0D64D17A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DB979411-D16E-4AD5-AE8A-5D1187CC8103}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DEDFC6CD-8992-4ECF-B088-D8C7B1ED6A9A}" = lport=37676 | protocol=17 | dir=in | name=oovoo udp port 37676 |
"{E33EB591-743B-441A-9272-3159FF96793F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1EAEC36-534F-4F4B-A6CB-D979668C78B0}" = lport=5191 | protocol=6 | dir=in | name=the browser highlighter xcom |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06795EA1-94B8-4765-A1C8-BEC71D06607C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0A59D87F-B711-4B65-AB6F-A6219BCC7296}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{1F5D7923-3FF0-4F51-8C06-D0CCE2CCF1AC}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{2AD69EC2-3920-4EA5-A051-138CD918F7B3}" = protocol=6 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{33A5636F-3DD0-4B78-AB43-A521DFD93AF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{38206DD0-A0CB-4D50-9077-2FB1D5B5F1D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40D6D207-89AA-4D28-B2B8-45E9A9F47A89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5438A35A-058E-409F-A3C0-5AFCFB78607B}" = protocol=17 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{621F1CD8-B88F-41B4-8488-D00FDDC02D70}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{662E4832-4FD7-4E1F-9120-99F48942F402}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{6AE2690F-BB1D-450E-9C51-BA17FEBDF2E7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{6D494111-45D7-4401-8A3A-578D723572A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E2ECCB2-21AF-400A-B297-8BDF1F32D526}" = protocol=17 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{6FED2B86-BA1B-4D91-90CE-4201D1D85E43}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{874922E4-438C-41C5-8500-D55708A375F4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{94D59B15-7FD2-4526-BFFA-0963FDD70F48}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{951FF496-C0F0-478E-8F38-71CC57F9147D}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{A4311F0A-7E34-44F7-9749-6C5E9016DCBF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B75C8840-7B50-40E3-8537-9DBBA19B7985}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{BC192DD7-F830-41C4-8C74-D1B0DCF76959}" = protocol=6 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{C14F01FB-4166-417B-B759-F6F94FFFB87F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{C33EFDCD-0D02-4FF0-959B-244C698FF45D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{CF168112-5425-4FDB-9D17-F6F6F629BE30}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D5DC6323-8FD9-40EF-9C35-7CD06687B6E1}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{D69161A7-D1AE-48D0-9BD3-63734351A737}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DDD2D28B-11E6-4823-A990-EECC63FCE0B5}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{F871C952-EDFB-453E-815E-FA1CBEE527C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FD2C30AE-9823-4C6E-BE29-89FFFDB84190}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{A0E61771-3B81-464F-AD04-4B17FDA01A73}C:\users\jimmy erskine\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\jimmy erskine\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{B00DD86E-8E74-4E29-AAAB-4C3847D52E12}C:\users\jimmy erskine\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\jimmy erskine\downloads\utorrent.exe |
"TCP Query User{B2BD20E0-470B-451E-8AB3-9CDCDB3DD32E}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{1A814B0C-5BE0-479C-9EBF-AF864122F0B0}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{A7217C79-1FBB-45DD-ABB4-C47E2667231F}C:\users\jimmy erskine\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\jimmy erskine\downloads\utorrent.exe |
"UDP Query User{CE1974DA-1103-4B7D-9BFA-8565F0BA9847}C:\users\jimmy erskine\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\jimmy erskine\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 18
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Audacity_is1" = Audacity 1.2.4
"AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
"Canon CanoScan 8800F User Registration" = Canon CanoScan 8800F User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell AIO Printer 946" = Dell AIO Printer 946
"Dynex VF0500" = Dynex 1.3MP Webcam Driver (1.00.03.0000)
"Dynex Webcam User's Guide" = Dynex Webcam User's Guide
"ERUNT_is1" = ERUNT 1.1j
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
"IrfanView" = IrfanView (remove only)
"Live! Cam Center" = Live! Cam Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"RFB&D Download Manager_is1" = RFB&D Download Manager
"Smart Defrag_is1" = Smart Defrag
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"WinFF_is1" = WinFF 1.0.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.1.0.366
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2010 3:53:58 PM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2010 3:04:39 PM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2010 4:19:46 PM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/2/2010 10:40:36 AM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/2/2010 10:45:44 AM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/2/2010 10:52:51 AM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/2/2010 11:06:28 AM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/2/2010 11:21:08 AM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/2/2010 11:26:03 AM | Computer Name = JimmyErskine-PC | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0,
faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception
code 0xc0000005, fault offset 0x0000c4b1, process id 0xfa4, application start time
0x01cb0267885cf1fd.

Error - 6/2/2010 11:32:09 AM | Computer Name = JimmyErskine-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/2/2009 8:03:20 PM | Computer Name = JimmyErskine-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.107. The computer with the IP address 192.168.1.104 did
not allow the name to be claimed by this computer.

Error - 12/4/2009 12:57:16 PM | Computer Name = JimmyErskine-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/4/2009 12:57:28 PM | Computer Name = JimmyErskine-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/4/2009 12:57:34 PM | Computer Name = JimmyErskine-PC | Source = HTTP | ID = 15016
Description =

Error - 12/4/2009 12:59:13 PM | Computer Name = JimmyErskine-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/6/2009 10:10:50 PM | Computer Name = JimmyErskine-PC | Source = bowser | ID = 8003
Description =

Error - 12/7/2009 4:22:30 PM | Computer Name = JimmyErskine-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/7/2009 4:22:42 PM | Computer Name = JimmyErskine-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/7/2009 4:22:49 PM | Computer Name = JimmyErskine-PC | Source = HTTP | ID = 15016
Description =

Error - 12/7/2009 4:24:27 PM | Computer Name = JimmyErskine-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,138 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check.


Get SIW from http://www.snapfiles.com/get/siw.html
Save it to your desktop and run it. Under Hardware find Sensors and click on it, then on the name of your computer, then on the CPU. It should tell you the temperature. What does it say?

Run something like an anti-virus scan or watch a movie. Does the temperature go up?


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus programs at this time :!:

Ron
  • 0
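A scripted form of the disk-check and temperature steps in the post above, added here as an example; it is not part of Ron's post and not code from SIW, OTL or ComboFix. It assumes an elevated PowerShell prompt, and that the board's ACPI firmware exposes thermal zones through the MSAcpi_ThermalZoneTemperature WMI class (SIW reads the ITE IT87 sensor chip directly, so on a board that publishes nothing through ACPI the script reports that and SIW remains the way to get the numbers). The drive letter, sample count and interval are parameters chosen for the example.

```powershell
# Added example (not from the post, nor from SIW/OTL/ComboFix).
# Assumptions: elevated PowerShell; ACPI thermal zones visible via WMI.
param(
    [string]$Drive = 'C:',          # volume to inspect (assumed)
    [int]$Samples = 12,             # how many temperature readings to take
    [int]$IntervalSeconds = 5       # seconds between readings
)

# 1. Disk check. fsutil reports whether the volume is already flagged dirty
#    (a dirty bit means Windows will run chkdsk on its own at next boot).
#    chkdsk /f /r on the system volume cannot get exclusive access while
#    Windows is running, so it offers to schedule itself for the next
#    restart, which is what the GUI "Check Now" dialog does too.
function Get-VolumeDirty([string]$Volume) {
    $out = & fsutil dirty query $Volume 2>&1
    # "is Dirty" does not match the "is NOT Dirty" wording, so this is exact
    return [bool]($out -match 'is Dirty')
}

# 2. Temperature. WMI reports tenths of a kelvin; convert to Fahrenheit so
#    the values line up with what SIW shows under Sensors.
function Get-ThermalZonesF {
    Get-WmiObject -Namespace 'root/wmi' -Class MSAcpi_ThermalZoneTemperature -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Zone  = $_.InstanceName
                TempF = [math]::Round((($_.CurrentTemperature / 10) - 273.15) * 9 / 5 + 32, 1)
            }
        }
}

Write-Host "Volume $Drive dirty bit set: $(Get-VolumeDirty $Drive)"
Write-Host "To schedule a full surface check at next boot, run: chkdsk $Drive /f /r  (answer Y when asked)"

# Take readings while you start an anti-virus scan or play a movie, then
# report the range per zone. A steady climb under load that does not come
# back down is what the post asks you to look for.
$readings = @()
for ($i = 0; $i -lt $Samples; $i++) {
    $readings += Get-ThermalZonesF
    Start-Sleep -Seconds $IntervalSeconds
}

if (-not $readings) {
    Write-Warning 'No ACPI thermal zones exposed through WMI on this board; read the IT87 values in SIW instead.'
} else {
    $readings | Group-Object Zone | ForEach-Object {
        $t = $_.Group | Measure-Object TempF -Minimum -Maximum
        '{0}: min {1} F, max {2} F over {3} samples' -f $_.Name, $t.Minimum, $t.Maximum, $_.Count
    }
}
```

Run it once idle and once with a scan or movie going; the min/max lines make the "does it go up?" question a direct comparison rather than a glance at a moving number.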

#3
Kimmer62

Kimmer62

    Member

  • Topic Starter
  • Member
  • 16 posts
Dear Ron,

I ran the disk check, which took a really long time, then did the temperature check... Here is a picture of what it looked like under the heading Value:

ITE IT87
TMPIN0 = 82 F
TMPIN1 = 109 F
TMPIN2 = 76 F

AMD Athlon 64 x2 5000
Core#0 = 97 F
Core#1 = 109 F

When I put in a movie it varied a bit and went up and down: TMPIN0 went up to 87, Core#0 went up to 105 and Core#1 up to 116, but they did come down.

I installed and ran Combofix exactly like you said. Here is the Combofix.txt file...

ComboFix 10-06-03.01 - Jimmy Erskine 06/05/2010 14:21:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1200 [GMT -4:00]
Running from: c:\users\Jimmy Erskine\Desktop\george.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jimmy Erskine\g2mdlhlpx.exe
c:\users\Jimmy Erskine\gotomypc_533.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-02 15:11 . 2010-06-02 15:11 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\Malwarebytes
2010-06-02 15:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 15:11 . 2010-06-02 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 15:11 . 2010-06-02 15:11 -------- d-----w- c:\programdata\Malwarebytes
2010-06-02 15:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 15:08 . 2010-06-02 15:08 -------- d-----w- c:\program files\ERUNT
2010-05-26 00:22 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 04:51 . 2010-05-13 04:51 -------- d-----w- c:\program files\Audacity
2010-05-11 21:36 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 17:35 . 2009-09-05 18:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-12 15:21 . 2009-10-03 05:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 07:01 . 2009-05-31 17:25 -------- d-----w- c:\programdata\Microsoft Help
2010-05-10 15:55 . 2009-08-08 15:59 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\U3
2010-05-10 04:04 . 2009-05-27 20:25 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\IObit
2010-05-10 04:04 . 2009-05-27 20:25 -------- d-----w- c:\program files\IObit
2010-05-10 03:59 . 2009-06-09 23:59 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\uTorrent
2010-05-01 15:19 . 2009-12-25 20:00 -------- d-----r- c:\program files\Skype
2010-04-24 02:05 . 2010-04-24 02:05 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-26 14:33 . 2010-04-29 21:43 1496064 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-29 21:43 43008 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-29 21:43 339456 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-04-29 21:43 346112 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-20 12:29 . 2010-03-20 12:29 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-09 16:28 . 2010-03-31 04:12 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 04:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 04:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Jimmy Erskine\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-27 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-06-05 492840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\users\Jimmy Erskine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\DRIVERS\V0500Vid.sys [2007-11-01 251264]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [2008-05-02 148768]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-04-09 401408]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MODEM

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 4\AWC.exe [2009-08-27 15:03]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388197091-3110065304-4084445149-1000Core.job
- c:\users\Jimmy Erskine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-27 20:26]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388197091-3110065304-4084445149-1000UA.job
- c:\users\Jimmy Erskine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-27 20:26]

2010-06-01 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-10 20:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Jimmy Erskine\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 14:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-05 14:31:14
ComboFix-quarantined-files.txt 2010-06-05 18:31

Pre-Run: 427,969,069,056 bytes free
Post-Run: 427,806,478,336 bytes free

- - End Of File - - 08977F731BFEA0164FCC710A9500E928


Thanks...

Kim

#4
RKinner (Malware Expert, MVP, 23,138 posts)
Uninstall this thing:

"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox

Lots of unhappy people with this thing. Seems it is installed by Skype these days without asking.

Also uninstall Adobe's foistware:
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"Adobe AIR" = Adobe AIR
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

Once you uninstall them run combofix again (remember to pause your anti-virus). The Browser Highlighter thing is installing a driver for some reason and I want to make sure it gets removed when you uninstall it.

Start, Programs, Accessories then right click on Command Prompt and Run As Administrator. Type (with an Enter after each line)

sfc /scannow

(Space after sfc. It will scan your critical system files and try to fix any that it doesn't have a spare for. If it asks for a CD and you do not have it or it does not like it then just press Skip.)

sigverif

(Press Start. When it finishes it will give you a list of files that it doesn't like. IF there are not too many you can type their names into a reply. Otherwise just look for those that have dates since the problem began.)


Let's take a closer look at your event log:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Click the radio button for 'Number of events' and type 20 in the 1 to 20 box.
6. Click the Run button. Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron

Edited by RKinner, 05 June 2010 - 02:04 PM.

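The same query Ron asks for above (the 20 most recent Error and Warning entries from the System log, then the Application log), done from PowerShell instead of VEW, as an added example that is not part of the thread or of Vino Rosso's tool. The log names and the count of 20 follow the post; the function names, the grouping step and the column layout are my own choices, and `Get-WinEvent` needs PowerShell 2.0 or later. Grouping by source and event ID is added because a recurring entry (a driver that fails to load on every boot, a crash-dump initialization failure repeated at each startup) is easier to spot as one row with a count than as twenty near-identical lines.

```powershell
# Added example, not from the original post or from VEW.
# Pulls the newest Error (Level 2) and Warning (Level 3) events from the
# System and Application logs, the same selection the VEW steps above make.
function Get-RecentProblemEvents {
    param(
        [string[]]$LogName   = @('System', 'Application'),  # logs named in the post
        [int]     $MaxEvents = 20                           # "Number of events" = 20
    )
    foreach ($log in $LogName) {
        # -FilterHashtable is evaluated by the event log service, so this is fast
        # even on a large log. SilentlyContinue hides the "No events were found"
        # error that Get-WinEvent raises when a log has no matching entries.
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } `
                     -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Log';     e = { $log } },
                          TimeCreated, LevelDisplayName, ProviderName, Id,
                          @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } }  # first line only
    }
}

# Collapses repeated events into one row per (Log, Source, Event ID) with a
# count and the time of the most recent occurrence, so a failure that repeats
# on every boot stands out from one-off noise.
function Group-ProblemEvents {
    param([Parameter(ValueFromPipeline = $true)] $Event)
    begin   { $all = @() }
    process { $all += $Event }
    end {
        $all | Group-Object Log, ProviderName, Id |
            Sort-Object Count -Descending |
            Select-Object Count,
                          @{ n = 'Log';     e = { $_.Group[0].Log } },
                          @{ n = 'Source';  e = { $_.Group[0].ProviderName } },
                          @{ n = 'Event';   e = { $_.Group[0].Id } },
                          @{ n = 'Last';    e = { ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated } },
                          @{ n = 'Message'; e = { $_.Group[0].Message } }
    }
}

# Usage: run from an elevated PowerShell prompt (Security-related providers may
# otherwise be hidden), or redirect to a file to paste into a reply:
#   Get-RecentProblemEvents | Format-Table -AutoSize | Out-File "$env:USERPROFILE\Desktop\events.txt"
$events = Get-RecentProblemEvents
$events | Format-Table -AutoSize
$events | Group-ProblemEvents | Format-Table -AutoSize
```

`-MaxEvents` returns the newest entries first, which is the behaviour wanted when chasing a current freeze; if the machine has been rebooted many times since the problem began, raise the count or add `StartTime = (Get-Date).AddDays(-7)` to the hashtable so the window covers the period of interest rather than a fixed number of rows.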

#5
Kimmer62 (Member, Topic Starter, 16 posts)
Okay, I've done what you've asked... I am still having a huge problem keeping the computer on and then turning it back on once it goes down. That's part of why these answers take so long. I also don't know when it will stay on and when it will freeze.

I keep getting error messages after I press "Start Windows normally". The messages come up on the next screen saying "Windows failed to start" and include the following at different times:

File: Windows\system32\winload.exe
status: 0xc0000221

and
File: Windows\system32\ntkrnlpa.exe
status: 0xc0000221

and
File: Windows\system32\ntkrnlpa.exe
status: 0xc0000428

and
File: Windows\system32\drivers\fltmgr.sys
status: 0xc0000221

I have also gotten the following message:
"Its header Checksum does not match computed Checksum"

Here are the files after the sigverif:

name in file
nvcpl.chm C:\windows\nvtmpinst
nvcpl.cpl
nvcplui.exe
nvcpluir.dll
nvexbar.dll

Combofix log:
ComboFix 10-06-03.01 - Jimmy Erskine 06/06/2010 13:11:29.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1487 [GMT -4:00]
Running from: c:\users\Jimmy Erskine\Desktop\george.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 17:17 . 2010-06-06 17:17 -------- d-----w- c:\users\Jimmy Erskine\AppData\Local\temp
2010-06-06 17:17 . 2010-06-06 17:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-06 17:17 . 2010-06-06 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-02 15:11 . 2010-06-02 15:11 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\Malwarebytes
2010-06-02 15:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 15:11 . 2010-06-02 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-02 15:11 . 2010-06-02 15:11 -------- d-----w- c:\programdata\Malwarebytes
2010-06-02 15:11 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 15:08 . 2010-06-02 15:08 -------- d-----w- c:\program files\ERUNT
2010-05-26 00:22 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 04:51 . 2010-05-13 04:51 -------- d-----w- c:\program files\Audacity
2010-05-11 21:36 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 16:53 . 2009-12-25 17:10 1356 ----a-w- c:\users\Jimmy Erskine\AppData\Local\d3d9caps.dat
2010-06-06 01:41 . 2009-06-09 04:12 -------- d-----w- c:\programdata\NOS
2010-06-05 18:45 . 2010-06-05 18:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-05 17:35 . 2009-09-05 18:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 18:14 . 2009-10-03 05:01 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 07:01 . 2009-05-31 17:25 -------- d-----w- c:\programdata\Microsoft Help
2010-05-10 15:55 . 2009-08-08 15:59 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\U3
2010-05-10 04:04 . 2009-05-27 20:25 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\IObit
2010-05-10 04:04 . 2009-05-27 20:25 -------- d-----w- c:\program files\IObit
2010-05-10 03:59 . 2009-06-09 23:59 -------- d-----w- c:\users\Jimmy Erskine\AppData\Roaming\uTorrent
2010-05-01 15:19 . 2009-12-25 20:00 -------- d-----r- c:\program files\Skype
2010-04-24 02:05 . 2010-04-24 02:05 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-26 14:33 . 2010-04-29 21:43 1496064 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 14:33 . 2010-04-29 21:43 43008 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 14:33 . 2010-04-29 21:43 339456 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 14:32 . 2010-04-29 21:43 346112 ----a-w- c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-20 12:29 . 2010-03-20 12:29 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-09 16:28 . 2010-03-31 04:12 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-31 04:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-31 04:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((( [email protected]_18.28.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-06-06 12:55 67986 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-02 19:23 . 2009-12-02 19:23 42368 c:\windows\System32\drivers\MpNWMon.sys
+ 2009-05-27 03:31 . 2010-06-06 12:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-27 03:31 . 2010-06-05 05:02 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-02 15:23 . 2010-06-06 12:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-02 15:23 . 2010-06-05 05:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-27 03:31 . 2010-06-06 12:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-27 03:31 . 2010-06-05 05:02 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-27 03:35 . 2010-06-06 12:55 3620 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2388197091-3110065304-4084445149-1000_UserData.bin
+ 2010-06-05 17:25 . 2010-06-06 16:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-05 17:25 . 2010-06-05 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-05 17:25 . 2010-06-05 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-05 17:25 . 2010-06-06 16:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-06-06 17:06 594698 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-06-06 17:06 100766 c:\windows\System32\perfc009.dat
+ 2009-12-02 19:23 . 2009-12-02 19:23 149040 c:\windows\System32\drivers\MpFilter.sys
+ 2010-06-05 18:45 . 2010-06-05 18:45 272384 c:\windows\Installer\36e6d1.msi
+ 2010-06-05 18:45 . 2010-06-05 18:45 254976 c:\windows\Installer\36e6cb.msi
+ 2009-05-30 16:40 . 2010-06-06 16:58 100606155 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Jimmy Erskine\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-27 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-09 1695744]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Jimmy Erskine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [2008-05-02 148768]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-04-09 401408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-16 552448]
R3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824]
R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\DRIVERS\V0500Vid.sys [2007-11-01 251264]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 4\AWC.exe [2009-08-27 15:03]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388197091-3110065304-4084445149-1000Core.job
- c:\users\Jimmy Erskine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-27 20:26]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2388197091-3110065304-4084445149-1000UA.job
- c:\users\Jimmy Erskine\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-27 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\Firefox\Profiles\dbxhw6g7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Jimmy Erskine\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Jimmy Erskine\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 13:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-06 13:19:02
ComboFix-quarantined-files.txt 2010-06-06 17:19
ComboFix2.txt 2010-06-05 18:31

Pre-Run: 429,614,796,800 bytes free
Post-Run: 429,598,920,704 bytes free

- - End Of File - - 771EE621C3577D3BFE1A3529F538AE95


Event Viewer tool log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 06/06/2010 1:52:37 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/06/2009 11:09:22 PM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 28/06/2009 11:09:38 PM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 28/06/2009 11:10:15 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 28/06/2009 11:11:19 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 28/06/2009 11:34:44 PM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 28/06/2009 11:34:55 PM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 28/06/2009 11:35:02 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 28/06/2009 11:36:40 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 29/06/2009 12:19:38 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 29/06/2009 12:19:38 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 29/06/2009 12:19:38 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 29/06/2009 12:40:48 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 29/06/2009 12:41:02 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 29/06/2009 12:41:09 AM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 29/06/2009 12:42:45 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 29/06/2009 1:16:11 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 29/06/2009 1:16:24 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 29/06/2009 1:16:31 AM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 29/06/2009 1:18:08 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 29/06/2009 1:20:10 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/06/2009 11:02:27 PM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {DC1DA8C5-BBE1-4744-B7DB-D27B488EA6AD} User: JimmyErskine-PC\Jimmy Erskine Name: Unknown ID: Severity ID: Category ID: Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task;file:C:\Program Files\QuickTime\QTTask.exe Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 28/06/2009 11:08:50 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 29/06/2009 12:40:18 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 29/06/2009 1:11:13 AM
Type: Warning Category: 0
Event: 3004 Source: Microsoft-Windows-Windows Defender
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. For more information please see the following: Not Applicable Scan ID: {51EA086E-F0B2-470B-BFE3-4DD4582D26AC} User: JimmyErskine-PC\Jimmy Erskine Name: Unknown ID: Severity ID: Category ID: Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WrtMon.exe;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WrtMon.exe;file:C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe Alert Type: Unclassified software Detection Type:

Log: 'System' Date/Time: 29/06/2009 1:15:43 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 29/06/2009 1:18:09 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 29/06/2009 3:01:06 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 30/06/2009 1:15:52 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/07/2009 3:59:10 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/07/2009 3:14:00 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 04/07/2009 1:13:01 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00183913A8B2. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 05/07/2009 3:07:02 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00183913A8B2. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 05/07/2009 3:07:05 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00183913A8B2. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 05/07/2009 3:07:26 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/07/2009 7:35:54 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/07/2009 11:47:31 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00183913A8B2. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 06/07/2009 2:59:29 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/07/2009 6:00:04 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 09/07/2009 2:46:19 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 11/07/2009 1:10:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

******************

Also I had turned Defender off but it says it's turned on in the ComboFix report.

Anyway... does this appear to be a malware or virus thing or software thing or is it something to do with the machine?

Thanks,

Kim
  • 0
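A small triage helper, added here as an example and not part of the original post or the tool that produced the dump: it parses entries in the Date/Time, Type, Event/Source layout shown above (sample entries constructed from that dump) and tallies which error IDs recur, so a fault like the repeated volmgr event 46 stands out without reading every block.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the dump's own layout (values copied from the entries above).
SAMPLE = """\
Log: 'System' Date/Time: 28/06/2009 11:34:44 PM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 28/06/2009 11:36:40 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 29/06/2009 12:40:48 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!
"""

# One entry: header line, type line, event line, then the message up to the next entry.
ENTRY_RE = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+ [AP]M)\n"
    r"Type: (?P<type>\w+) Category: (?P<cat>\d+)\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\n\nLog: |\Z)", re.S)

def parse_entries(text):
    """One dict per entry; the dump writes dates day/month/year, so parse them that way."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        d = m.groupdict()
        d["when"] = datetime.strptime(d["when"], "%d/%m/%Y %I:%M:%S %p")
        d["event"] = int(d["event"])
        d["message"] = d["message"].strip()
        entries.append(d)
    return entries

def tally(entries, min_count=2):
    """Group by (type, source, event id) and keep groups seen >= min_count times,
    most frequent first, with first/last timestamps so a recurring fault stands out."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["type"], e["source"], e["event"])].append(e)
    rows = [{"type": t, "source": s, "event": n, "count": len(es),
             "first": min(e["when"] for e in es), "last": max(e["when"] for e in es),
             "message": es[0]["message"]}
            for (t, s, n), es in groups.items() if len(es) >= min_count]
    return sorted(rows, key=lambda r: -r["count"])
```

Run `tally(parse_entries(text))` over the full pasted log to see every Error and Warning ID that repeats, with how often and over what period.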

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,138 posts
  • MVP
No sign of malware. You have some sort of file corruption. Don't suppose you have a Vista DVD? You probably need to do a Repair. There is a slight chance that the problem is related to a bad driver. Reboot and go into Safe Mode by tapping F8 slowly once you hear the beep, see the maker's logo or it tells you to press F8. Keep tapping until you see the Safe Mode menu then select the top option. If this boots smoothly then it's a driver issue.

Ron
  • 0