Conficker? Rootkit? Computer Crashing Constantly..

#1 cloudywithachance (New Member)
Hi,

Right after the last Windows update, I restarted my laptop and was on it for a very short time when it just crashed: it shut off totally, with no warning messages of any kind.

It wouldn't stay running for more than a few minutes and then shut off again. So, I restarted in safe mode and was able to poke around to see what I could figure out. I noticed my antivirus was missing from its folder, almost like it was uninstalled. Defender was off, and there was a Blizzard folder that had been downloaded the day after this first crash, with World of Warcraft folders in it and tons of files (I don't play that game and have never downloaded them).

I also had a weird entry in the Task Manager called "start 1" that had a svchost.exe file in the Windows\Temp folder. I disabled it so it wouldn't start automatically anymore.

I tried doing a system restore, but all my restore points are gone.

I've been trying to fix this thing for 5 days now and it just seems to be getting worse. It crashes and just shuts off every time it's running, sometimes it can run 30 min as long as I'm not doing anything but looking at folders. If I try to run any kind of exe file, it crashes within seconds. If I try to do any kind of repair using the built in tools, it crashes instantly.

I just tried to start it in safe mode again, and it hangs and won't load past the storport.sys file.

I tried using the Hiren's boot CD, but that just crashed too when I tried to check the Windows memory. I noticed that the admin account has been disabled as well.

The day before my laptop crashed, my son's laptop crashed also (Vista). I managed to get that one back up and running (his system restore was still there). 5 days before that, our PS3 (which is also running on our wireless network) crashed too while watching netflix. I can't get that thing to even turn on anymore. I don't know if the PS3 thing is related or not, but it seems kinda weird that the same thing happened to that before the laptops went.

I have a Windows XP desktop on the network too (wired, not wireless), which I am using and which seems OK. I removed a few viruses off of it a few days ago that seemed to just be from old system restore points from 2006.

I don't know how I am going to get this fixed if I can't run any kind of diagnostic or virus-removal program. I tried running HijackThis yesterday, but it crashed the computer within seconds.

Any help you can offer would be GREATLY appreciated!

#2 RKinner (Malware Expert, MVP)
Can you uninstall the last update?

Can you go to Start > Run, type msconfig, click OK, then check Diagnostic boot, click OK and restart? Will it go into normal mode now?

If so:
  • Go to this page and download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop itself, not into the folder.
  • Vista Start logo > All Programs > Accessories > right-click Command Prompt and select Run As Administrator. Copy/paste the following command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.

Ron

#3 cloudywithachance (Topic Starter)
Hi Ron,

Thank you so much for replying.

I attempted to start in safe mode and couldn't, so I tried to start in normal Windows mode and got an error message, and the computer proceeded to do a check disk. It fixed files and then restarted OK. I very quickly changed the setting in msconfig to diagnostic like you said and restarted.

It started up! :) It has now been running for 2 hours without shutting off.

I downloaded TDSSKiller on this computer and burned it to CD. I transferred it to the desktop and ran it. I have the log file, but I cannot get on the internet in diagnostic mode in order to upload the log file. It didn't find anything, but it said one of the files was suspicious with no access (C:\Windows\system32\Drivers\sptd.sys).

How do I get connected to the internet in this mode so I can upload the log?

Thanks again!

Lisa

#4 RKinner (Malware Expert, MVP)
Sounds like you may just have had a bad spot on the hard drive, but go back into MSCONFIG and check Normal boot. Apply, then under Startup uncheck everything unless it has to do with your wireless or your antivirus. Apply, then go to Services. Check Hide Microsoft Services, then uncheck everything unless it has to do with your wireless or your antivirus. Click OK and reboot into regular mode. See if you can download and run OTL per step 5 of http://www.geekstogo...uide-t2852.html

sptd.sys is from Daemon Tools, so nothing to worry about. Don't really need the log if it said 0/0/0 at the end.

Ron
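The OTL log Ron asks for is line-oriented, so the symptoms this thread turns on can be checked mechanically rather than by eye. The following Python script is an added example, not part of the thread and not OTL's or TDSSKiller's code: it parses OTL's PRC/MOD/SRV/DRV, IE, O1 and O6 line shapes and flags a core binary such as svchost.exe loading from outside its normal folder or from a Temp folder (post #1), a Disabled Windows Defender or AVG service, a configured Internet Explorer proxy, hosts-file entries that point away from loopback, and UAC switched off. The core-binary table and the protection-service names are my assumptions drawn from the thread, and the sample log lines are constructed, with documentation-range addresses.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List

# Line shapes OTL prints: PRC/MOD/SRV/DRV entries, IE registry values, O1 hosts entries, O6 policies.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
IE_VALUE_RE = re.compile(r'^IE - (?P<key>HK\w+\\.+?): "(?P<value>[^"]+)" = (?P<data>.*)$')
O6_RE = re.compile(r"^O6 - (?P<key>HK\w+\\.+?): (?P<value>\w+) = (?P<data>.*)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>\S+)$")

# Assumption: core Windows binaries and the only folder each should load from (lower-case, ntpath style).
CORE_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Protection services named in this thread's OTL log; a Disabled state is the symptom the poster described.
PROTECTION_SERVICES = {"WinDefend", "avg9wd", "avg9emc"}
LOOPBACK = {"127.0.0.1", "::1"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    category: str
    detail: str


def _check_entry(m) -> List[Finding]:
    """Checks for one PRC/MOD/SRV/DRV line (m is the ENTRY_RE match)."""
    kind, path = m["kind"], m["path"]
    state, name = m["state"] or "", m["name"] or ""
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    out: List[Finding] = []
    expected = CORE_BINARIES.get(base)
    if expected and folder != expected:
        out.append(Finding("high", "masquerading-binary",
                           f"{kind} {base} loaded from {path}; expected folder {expected}"))
    if kind == "PRC" and "\\temp\\" in folder + "\\":
        out.append(Finding("high", "process-from-temp", f"process running from a Temp folder: {path}"))
    if kind == "SRV" and name in PROTECTION_SERVICES and "Disabled" in state:
        out.append(Finding("medium", "protection-disabled", f"service {name} is [{state}]: {path}"))
    return out


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walks an OTL log and returns findings in log order; the proxy verdict comes last."""
    findings: List[Finding] = []
    # OTL prints ProxyEnable before ProxyServer, so the proxy verdict is decided after the loop.
    proxy_server, proxy_enabled = "", False
    for raw in lines:
        line = raw.rstrip()
        if (m := ENTRY_RE.match(line)):
            findings.extend(_check_entry(m))
        elif (m := IE_VALUE_RE.match(line)):
            if m["value"] == "ProxyServer":
                proxy_server = m["data"].strip()
            elif m["value"] == "ProxyEnable":
                proxy_enabled = m["data"].strip() == "1"
        elif (m := O6_RE.match(line)):
            if m["value"] == "EnableLUA" and m["data"].strip() == "0":
                findings.append(Finding("medium", "uac-disabled", f"{m['key']}: EnableLUA = 0"))
        elif (m := O1_RE.match(line)):
            # OTL defangs http:// as hxxt:// here; a non-loopback mapping is worth review, not proof of malware.
            if m["addr"] not in LOOPBACK:
                findings.append(Finding("low", "hosts-redirect", f"{m['host']} -> {m['addr']}"))
    if proxy_server:
        status = "enabled" if proxy_enabled else "ProxyEnable = 0, so currently inactive"
        findings.append(Finding("high" if proxy_enabled else "medium", "ie-proxy",
                                f"IE proxy {proxy_server} configured ({status})"))
    return findings


# Constructed sample in OTL's format (not the thread's real log); addresses are documentation ranges.
SAMPLE_LOG = r"""
PRC - [2010/06/15 00:33:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Anita\Desktop\OTL.exe
PRC - [2010/06/10 03:12:00 | 000,026,624 | ---- | M] () -- C:\Windows\Temp\svchost.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/04/02 20:15:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 198.51.100.7:51499
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 hxxt://www.example.com
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```

Feed it a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`; anything it does not flag still needs a human reviewer, since it only encodes the symptoms discussed in this thread.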

#5 cloudywithachance (Topic Starter)
Here are the OTL files you requested.

OTL logfile created on: 6/16/2010 7:13:37 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Anita\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 14.45 Gb Free Space | 20.78% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 46.77 Gb Free Space | 67.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANITA-PC
Current User Name: Anita
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/15 00:33:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Anita\Desktop\OTL.exe
PRC - [2010/06/03 10:25:24 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/03 10:25:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/03 10:25:22 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/03 10:25:19 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/03 10:25:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/02 20:15:14 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/02 20:15:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/15 00:33:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Anita\Desktop\OTL.exe
MOD - [2010/04/02 20:16:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/20 21:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 21:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/02 20:15:14 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/02 20:15:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/17 17:37:40 | 000,057,640 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/11/17 17:37:18 | 000,224,816 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/06/11 01:07:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/16 19:39:00 | 002,800,669 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/28 13:56:06 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/26 00:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/26 00:36:02 | 000,131,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 16:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Disabled | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 19:15:28 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/06/03 10:25:23 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/03 10:25:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/02 20:16:58 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/15 15:04:58 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2009/09/15 15:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/06 09:06:02 | 000,140,800 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/01 13:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/06 21:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/07/04 01:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/03 04:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/02/21 22:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/30 04:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 04:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/23 06:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 08:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5515
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...p;m=aspire_5515

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...p;m=aspire_5515
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15438&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 68.168.215.166:51499

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.9
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:9.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.3
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..keyword.URL: "http://websearch.ask...ocale=en_US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/06/03 19:21:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/05 01:34:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/11/15 23:15:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 20:25:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/01 11:04:11 | 000,000,000 | ---D | M]

[2009/01/30 11:01:57 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Extensions
[2010/06/14 07:28:44 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions
[2010/06/06 18:08:49 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/05/13 10:29:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 22:18:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/11/10 03:37:03 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/03/03 18:04:24 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/06/05 01:42:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/17 19:02:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/13 10:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2010/01/22 13:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2010/06/05 01:42:39 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/14 07:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/09/01 22:41:15 | 000,000,000 | ---D | M] (OnlyWire) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2010/05/13 10:29:29 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/04/02 20:25:53 | 000,000,000 | ---D | M] (OpenDownload) -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}
[2009/11/13 10:10:15 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2010/06/05 01:42:46 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2010/05/13 10:29:07 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2010/03/18 11:25:28 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2010/06/05 01:42:45 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2009/11/13 10:10:15 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2010/04/17 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2010/03/10 04:39:06 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2009/12/10 18:11:13 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\mozilla\Firefox\Profiles\w43gyyxm.default\extensions\[email protected]
[2010/04/07 21:19:33 | 000,002,424 | ---- | M] () -- C:\Users\Anita\AppData\Roaming\Mozilla\FireFox\Profiles\w43gyyxm.default\searchplugins\askcom.xml
[2010/06/14 07:28:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/01 11:04:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/08 02:52:34 | 000,000,842 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 213.203.216.114 hxxt://www.marketsamurai.com
O1 - Hosts: 213.203.216.114 marketsamurai.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anita\Pictures\march-10-fractal-nocal-1280x1024.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anita\Pictures\march-10-fractal-nocal-1280x1024.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/24 15:53:22 | 000,000,000 | ---D | M] - D:\Auto Yahoo -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/16 07:01:26 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/06/16 07:01:00 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Anita\Desktop\OTL.exe
[2010/06/16 07:00:27 | 008,350,727 | ---- | C] (McAfee Inc.) -- C:\Users\Anita\Desktop\stinger1001895.exe
[2010/06/16 06:57:53 | 000,000,000 | ---D | C] -- C:\Users\Anita\Desktop\backups
[2010/06/16 06:39:15 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Anita\Desktop\hjt.exe
[2010/06/16 02:16:37 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\Anita\Desktop\TDSSKiller.exe
[2010/06/16 01:57:09 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\Leadertech
[2010/06/14 07:28:47 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\QuickScan
[2010/06/11 08:36:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/09 08:51:57 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\Malwarebytes
[2010/06/09 08:51:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/09 08:51:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/09 08:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/09 08:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/09 01:42:47 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\FireShot
[2010/06/08 18:37:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/08 02:44:39 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/06/08 02:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/06/05 01:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010/06/05 01:27:06 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\DisabledLisasptd.sys
[2010/06/05 01:25:30 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\DAEMON Tools Lite
[2010/06/05 01:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/06/01 11:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/06/01 11:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/30 13:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mad Scientist Productions
[2010/05/30 13:24:32 | 000,000,000 | ---D | C] -- C:\Sims 3 Framework Checker
[2010/05/14 02:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2010/05/10 02:09:20 | 000,000,000 | ---D | C] -- C:\Blog Uploads
[2010/05/10 01:55:39 | 000,000,000 | ---D | C] -- C:\Users\Anita\.FamilySearchIndexing
[2010/05/05 13:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/26 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Local\bhw
[2010/04/26 16:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\S3 Ripper
[2010/04/17 14:26:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2010/04/17 14:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/04/15 18:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\DoFellow
[2010/04/05 00:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/05 00:55:41 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\BitTorrent
[2010/04/05 00:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/04/02 20:17:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/02 20:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/29 20:09:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/24 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Anita\Library
[2010/03/24 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Anita\AppData\Roaming\com.adobe.ExMan
[2008/12/04 06:08:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2010/06/16 19:08:29 | 004,194,304 | -HS- | M] () -- C:\Users\Anita\NTUSER.DAT
[2010/06/16 19:07:13 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 19:07:13 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/16 19:07:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/16 19:06:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/16 19:06:32 | 2950,676,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/16 19:05:44 | 000,524,288 | -HS- | M] () -- C:\Users\Anita\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/06/16 19:05:44 | 000,065,536 | -HS- | M] () -- C:\Users\Anita\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/06/16 08:24:23 | 000,001,356 | ---- | M] () -- C:\Users\Anita\AppData\Local\d3d9caps.dat
[2010/06/16 08:20:33 | 003,427,154 | -H-- | M] () -- C:\Users\Anita\AppData\Local\IconCache.db
[2010/06/16 07:01:25 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010/06/16 01:56:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2010/06/15 00:33:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Anita\Desktop\OTL.exe
[2010/06/14 23:13:54 | 008,350,727 | ---- | M] (McAfee Inc.) -- C:\Users\Anita\Desktop\stinger1001895.exe
[2010/06/14 04:34:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Anita\Desktop\hjt.exe
[2010/06/11 08:36:18 | 125,566,071 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/09 08:49:13 | 000,047,124 | ---- | M] () -- C:\Users\Anita\AppData\Local\prvlcl.dat
[2010/06/08 19:16:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/06/08 19:15:32 | 002,232,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/08 16:17:08 | 060,836,474 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/08 02:44:27 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/06/08 02:33:03 | 000,037,174 | ---- | M] () -- C:\Users\Anita\Documents\RegistrybackuponJune82010.reg
[2010/06/07 19:03:35 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/06/06 20:59:49 | 000,029,993 | ---- | M] () -- C:\Users\Anita\Desktop\style.css
[2010/06/05 18:51:14 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/06/05 01:42:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/05 01:42:21 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/05 01:42:21 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/05 01:27:06 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\DisabledLisasptd.sys
[2010/06/05 01:16:38 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2010/06/03 10:25:23 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/03 10:25:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Anita\Desktop\TDSSKiller.exe
[2010/05/17 09:02:00 | 000,000,110 | ---- | M] () -- C:\Users\Anita\jobq.dat
[2010/05/10 01:55:34 | 000,001,908 | ---- | M] () -- C:\Users\Anita\Desktop\FamilySearch Indexing.lnk
[2010/05/09 02:47:25 | 000,047,104 | ---- | M] () -- C:\Users\Anita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:50:49 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/17 14:24:26 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/04/15 18:54:52 | 000,001,964 | ---- | M] () -- C:\Users\Anita\Desktop\DoFellow.lnk
[2010/04/07 22:47:00 | 000,000,041 | ---- | M] () -- C:\Users\Anita\jagex_runescape_preferences.dat
[2010/04/07 22:22:20 | 000,000,069 | ---- | M] () -- C:\Users\Anita\jagex_runescape_preferences2.dat
[2010/04/07 21:22:01 | 000,000,000 | ---- | M] () -- C:\Users\Anita\jagex__preferences3.dat
[2010/04/05 16:43:45 | 000,000,029 | ---- | M] () -- C:\Windows\CDMKR32.INI
[2010/04/02 20:16:58 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/02 20:16:51 | 000,001,611 | ---- | M] () -- C:\Users\Public\Desktop\This Here Thing.lnk
[2010/04/02 20:16:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/02 20:16:48 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

========== Files Created - No Company Name ==========

[2010/06/16 08:26:52 | 2950,676,480 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/16 01:56:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010/06/11 08:36:02 | 125,566,071 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/08 02:44:27 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2010/06/08 02:32:20 | 000,037,174 | ---- | C] () -- C:\Users\Anita\Documents\RegistrybackuponJune82010.reg
[2010/06/07 19:03:35 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/06/06 20:52:35 | 000,029,993 | ---- | C] () -- C:\Users\Anita\Desktop\style.css
[2010/06/05 02:33:11 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/10 02:41:12 | 000,000,110 | ---- | C] () -- C:\Users\Anita\jobq.dat
[2010/05/10 01:55:34 | 000,001,908 | ---- | C] () -- C:\Users\Anita\Desktop\FamilySearch Indexing.lnk
[2010/04/17 14:24:26 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/04/15 18:54:52 | 000,001,964 | ---- | C] () -- C:\Users\Anita\Desktop\DoFellow.lnk
[2010/04/07 21:22:01 | 000,000,000 | ---- | C] () -- C:\Users\Anita\jagex__preferences3.dat
[2010/04/05 16:43:45 | 000,000,029 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2010/04/05 03:40:53 | 000,047,124 | ---- | C] () -- C:\Users\Anita\AppData\Local\prvlcl.dat
[2010/04/02 20:16:51 | 000,001,611 | ---- | C] () -- C:\Users\Public\Desktop\This Here Thing.lnk
[2009/06/11 01:35:04 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009/06/09 22:29:50 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/01/11 01:39:16 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/12/04 08:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/12/04 08:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/12/04 07:31:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/12/04 06:05:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/12/04 06:05:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/01/13 18:06:46 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBMLCNP.DLL
[2003/06/13 06:53:38 | 000,000,187 | ---- | C] () -- C:\Windows\System32\lxbmcoin.ini
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbmvs.dll
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/12/21 05:22:32 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\acccore
[2009/01/30 10:47:32 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Acer
[2008/12/04 07:57:50 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Acer GameZone Console
[2010/02/09 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Amazon
[2009/12/10 21:23:48 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Artisteer
[2010/01/11 11:14:21 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Audacity
[2009/07/28 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Autodesk
[2010/06/05 02:38:40 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Azureus
[2010/06/11 09:13:04 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\BitTorrent
[2010/03/24 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\com.adobe.ExMan
[2009/11/23 23:51:30 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/05 01:41:23 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\DAEMON Tools Lite
[2010/03/01 01:57:37 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Facebook
[2010/06/09 01:42:47 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\FireShot
[2009/02/26 22:41:54 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\InterVideo
[2010/06/16 01:57:09 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Leadertech
[2009/08/10 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Leawo
[2010/06/08 02:44:39 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/06/14 07:30:07 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\QuickScan
[2009/05/20 03:37:32 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\SecondLife
[2009/08/25 01:25:29 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Sony
[2009/11/22 02:16:53 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\Systweak
[2009/07/25 04:22:03 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\TSRWorkshop
[2009/08/08 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Anita\AppData\Roaming\WeatherBug
[2010/06/16 19:05:46 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/12/04 06:08:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/16 19:06:32 | 2950,676,480 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/04 00:35:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/08 13:15:55 | 000,000,363 | -H-- | M] () -- C:\IPH.PH
[2009/11/04 00:35:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/16 19:06:30 | 3264,483,328 | -HS- | M] () -- C:\pagefile.sys
[2008/12/04 07:32:09 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010/06/16 02:17:40 | 000,055,214 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_16.06.2010_02.16.48_log.txt
[2010/06/16 02:37:39 | 000,055,214 | ---- | M] () -- C:\TDSSKiller.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/08/25 10:49:30 | 000,078,848 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\LXBMPP5C.DLL
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 21:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 21:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< End of report >



OTL Extras logfile created on: 6/16/2010 7:44:58 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Anita\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 14.45 Gb Free Space | 20.78% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 46.77 Gb Free Space | 67.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANITA-PC
Current User Name: Anita
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Anita\AppData\Local\Temp\svchost.exe" = C:\Users\Anita\AppData\Local\Temp\svchost.exe:*:Enabled:ldrsoft -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AED41A8-428E-435C-BE69-4B14A5CDDF6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30C9774A-1309-471C-BD52-0E3DD48E1AEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{378667D0-90A1-49D5-9B6D-15886250BEDA}" = lport=139 | protocol=6 | dir=in | app=system |
"{43401578-68B3-45A4-A045-C92F9F9581AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D728D6A-8F78-4851-9F9D-0C9D7771BCC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75249378-99BB-4572-96D4-0610AB46AA27}" = rport=10243 | protocol=6 | dir=out | app=system |
"{98C1A0EB-8289-4F10-B6D8-71AE524B2054}" = lport=137 | protocol=17 | dir=in | app=system |
"{9CCFA902-D8A7-48F7-AB0A-4F0393D12400}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A15684D0-91C0-4870-A017-F9728B0250E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A4D71E5C-D369-41A6-9D3D-29B8773C6731}" = lport=445 | protocol=6 | dir=in | app=system |
"{A77F0123-B1D9-4603-BA83-11F79AF971E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{B8371AE5-81F8-41FF-A6AF-DA24EAA0FB3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C331B928-32A5-4973-9524-DF2C9C409BC1}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE6976C8-0DFE-486B-8FE5-DAD025D2CA41}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5A32A97-FBBD-48D0-9963-C4B899FE7172}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{D75734D6-E5D6-46A4-BEA5-5DABA89A4AF5}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2601228-4BE5-4FBC-8626-718AEDF4CA11}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E29DB2CC-1082-4A75-8E3E-B6EE3B81F0E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{FB04F2E9-2846-42EB-8A96-9A116FB0B3E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FBEB1F1C-FFFE-4274-A6C3-A6E37C6BF99F}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A80D66B-C939-4062-B62A-8FDD2DEC4727}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0B133B2D-DAFE-4172-9ADD-CD4D55391B99}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{0E474F3B-DC85-44FD-BEBC-13B9E3CA2DAF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{111DFDE0-19CA-42ED-B24E-94001312A3B5}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{15DA6B8B-67B5-447C-80B3-1D1E02D969AB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{15FA27EF-E631-4D0A-BA81-75251EFD3937}" = protocol=6 | dir=out | app=system |
"{1929BB36-6EAA-4E24-8B77-CDE13F53F205}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{210E43FE-98F4-402E-B173-746D1422F665}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{259F1611-C159-42C3-AFAF-5539853B7035}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{25F3B69C-8D87-4D63-975D-15F85F7BEE70}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F0F1420-38F1-447F-B9DB-A20B288B0632}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{3449474A-5357-4CAA-9D2E-447C0E8BA67D}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{3AAF94E4-2098-44AF-A652-33CC897B8E99}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{3FB33BB3-DDB3-426E-8AE0-CA66324923EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46FE7B83-E427-4318-A15D-677E850D0740}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{57D0B627-6A43-4FCF-A3BE-E21B5D7D2EBE}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{581FB8BB-7638-4ABB-9F66-6F71680A5578}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5A1842FB-CA84-40EC-B38C-BE75008FC9BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A6A4999-D213-474E-9218-2C40DB4A4009}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5B670A96-A7AA-4B3E-8321-1E2DF738C708}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5F5E6067-EC42-4CF3-8A31-2D153A4B80E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{69B0EA59-B6BB-4F61-93F3-78F6E3F1C446}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F9FC583-58D4-41AA-ABEE-C0BEDBDCA227}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{7563A07A-63A5-4257-B487-3320644DC908}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{8D512184-67E8-4247-B886-74B173BA8DDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{911549A8-044F-42BA-BD7F-2449A8030CF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9167E6DF-C7BC-4810-9DBE-8927957CCC13}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{93986BAE-5214-46DC-B318-141D2814B512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9562855B-93B3-4C38-B519-B8848AE780ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C21A1F4-32CF-4141-B028-F6ABD6476064}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A34420C3-E597-4BA3-BC13-07323C48880E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A8B8F798-5DF8-40C9-958C-743FE7C41338}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{AC6E7E9D-8301-4358-ADE7-26524836216A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD04D945-398C-4CB3-A5B8-B0A2F91C63D0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AE20087B-B2A0-4D53-9A51-674506C461FE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{B594D71A-C621-42C4-AFDF-03830367E10F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5A6EA98-6AFB-4A64-A7A3-76D02FFF2617}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B745D5B5-0591-442A-B67A-B6E6FB63CC65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C552B91C-4AA1-4F25-91BC-539E15878304}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5686179-DA9F-4A1F-9B91-2EE3AAC4D831}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{C625889E-9C7B-4DAC-9686-9F4FEC8706A8}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{CCA456F4-C463-4238-917F-2D9087F9CDBB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D64DAAC3-3615-46D7-9676-E10679B9500C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F2C36037-A75A-4858-B142-7D24BA2AC1FA}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{FF781BD6-718C-412F-A3B2-2F89239C91CF}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"TCP Query User{15BBE1DA-2222-40E0-ABA1-7DB4F5C38BB4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{306D28DD-F3B8-4892-9637-B6A2FFA3325F}C:\users\anita\appdata\roaming\adobe\dreamweaver cs4\en_us\configuration\shared\virtuosoft\themedreamer\tdextension\tdextension.exe" = protocol=6 | dir=in | app=c:\users\anita\appdata\roaming\adobe\dreamweaver cs4\en_us\configuration\shared\virtuosoft\themedreamer\tdextension\tdextension.exe |
"TCP Query User{3D617ACD-60E4-48D5-BB06-6D488484E6AF}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{72426D40-4AD6-4A5D-BE16-70CB1A4CDF83}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{74A45DD4-56FB-4179-B249-DA926CBE0E8F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B3247C94-C9C4-4967-BCF3-C0AF64ADB793}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |
"TCP Query User{B97DBD8B-876E-4B73-BEF3-B6332D72DE4C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E98B23AE-483D-445F-A8F2-D9183BF17215}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{048E978D-5216-43C3-B0CE-CE7A3B83DA7B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{3103FB69-1C29-49E7-A308-AAD0B1F7FAAB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5FD8AB07-3AB2-4207-9D81-34FFD1153098}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6C9B726E-979D-462A-B636-C9A6C4834FFB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{7CFD414F-CE51-40C0-9999-F9AA642887B6}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{DCF41568-924A-4A7C-8DFF-173F45EBE97B}C:\users\anita\appdata\roaming\adobe\dreamweaver cs4\en_us\configuration\shared\virtuosoft\themedreamer\tdextension\tdextension.exe" = protocol=17 | dir=in | app=c:\users\anita\appdata\roaming\adobe\dreamweaver cs4\en_us\configuration\shared\virtuosoft\themedreamer\tdextension\tdextension.exe |
"UDP Query User{EBA6E384-BA08-4F46-96E1-9B0CA9329908}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{FB82472D-E4E6-42B4-AB2C-3A55F490CCED}C:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{071EA6A1-4189-3D9C-6B3F-0BE15495CE80}" = Catalyst Control Center Core Implementation
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08137BF5-9879-EBDA-6462-79D3C6D113B2}" = Catalyst Control Center Localization Portuguese
"{09621381-D4B0-2D6A-AB14-E8CE4CD424D9}" = Catalyst Control Center Graphics Previews Vista
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09D3675D-E1BB-1B3D-3F35-0338F7AAB0FD}" = Catalyst Control Center Localization Czech
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17A094EF-F8E5-B263-4369-BF434C88A717}" = Market Samurai
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DE63D16-8A5E-74AB-1A5F-6E1834234229}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}" = DDS Thumbnail Viewer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{254C0471-5FDF-D591-1219-112ABECED882}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{285432CE-2033-7317-27FC-DFB027E24F33}" = Catalyst Control Center Localization French
"{29E1DB75-A926-D7A5-6773-E24477526D49}" = CCC Help Chinese Traditional
"{2B82EEF1-A86E-CE6A-E7E6-ED114131E383}" = Catalyst Control Center Graphics Full New
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{2F3FC1A5-37B4-7685-7295-37FD1B3FE806}" = CCC Help Danish
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32EBA2B9-23F8-82A8-E229-0F283EE902B0}" = CCC Help Portuguese
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36DB05B6-721B-4001-87EA-7AC42E3BB0F6}" = Sony Cinescore Plug-In 1.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A2536D9-53FF-CD79-F46C-9E3902D2EEBA}" = CCC Help English
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6CE5E6-7416-37A1-1DA2-2BCB0A9CF444}" = Catalyst Control Center Localization Japanese
"{3A7D9B34-E8A9-A352-20C1-0607B1D5F8B6}" = Catalyst Control Center Localization Chinese Traditional
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9544A3-63B0-E523-D212-5C010368E492}" = Catalyst Control Center Localization Spanish
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41802C9A-1BF6-9A4E-D903-C6587560D758}" = Catalyst Control Center Localization Chinese Standard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5329AD26-1D03-B437-263A-6DF49A433366}" = Acrobat.com
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58D9BD9C-C96F-F308-5D72-371A9D3CC939}" = CCC Help Dutch
"{6165BE73-8AC5-A2B6-8910-963387FE5B9B}" = Catalyst Control Center Localization Russian
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = The Sims™ 3 Create a World Tool - Beta
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A25BA91-82D1-0841-FC65-57CE27540922}" = Catalyst Control Center Localization Danish
"{6A41CE62-8379-2A4D-E690-AA5D4DA8A279}" = ccc-core-static
"{6BB99DE2-D79C-B223-8D4F-E3D80A478D0F}" = CCC Help Polish
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E52D2FB-5FB5-334E-86F9-4316EEDC2926}" = ccc-utility
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72BBB36F-D323-0746-4F92-083E4C5EAC52}" = CCC Help Czech
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DDF474C-2AF9-4A3B-57E0-FBF31ED2C913}" = Catalyst Control Center Localization Polish
"{7E992D2F-5D9F-0A2A-302E-E4AC8FB79F47}" = Catalyst Control Center Graphics Full Existing
"{7EA8E1A6-9519-4AA6-A3CA-B977E0677700}" = Autodesk DirectConnect 2009 R1
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DB8DAE-531B-FDA4-E683-8C82F0F81F26}" = Catalyst Control Center Localization Turkish
"{865A7423-1322-E68E-4604-BEB0EEBFB624}" = Catalyst Control Center Localization Norwegian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88DC15A9-2ABB-44F7-A597-E5070E6210E5}" = DoFellow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9622AE32-1EE6-4EB6-A86F-B3346A34BAE0}" = Sony Cinescore 1.0
"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9B35344F-7FA4-B6BA-E64B-930A5BDB9585}" = Catalyst Control Center InstallProxy
"{9FFC6670-6711-387B-3566-7D0DA1808531}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8176277-4272-EA16-CDAE-1E37C62E14B2}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E38025-D8D8-FB5E-0DDB-12691243EF1F}" = CCC Help Norwegian
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 2.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AFE52E73-FADF-7AEC-9F2E-9C490C77AB61}" = Catalyst Control Center Localization German
"{B08C4A7A-3990-4A90-96B1-6EA628DEB0E0}" = Camtasia Legacy Theater
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16469A5-D2FA-A0C8-D371-2F4C8D5707D4}" = CCC Help Finnish
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B463846D-85B8-5B31-59BD-AA68307ECC69}" = CCC Help Spanish
"{B483D67F-8223-F1C5-1CBD-59B13676019E}" = CCC Help Greek
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7BA5747-159E-B1E7-B73D-E3B7575D783A}" = CCC Help Thai
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4FBC02-B2B7-ACCA-C983-FFF31FC3C1C9}" = CCC Help Japanese
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C08B098D-E9A6-649F-120D-9263C0527C2E}" = Catalyst Control Center Localization Swedish
"{C22EDAB3-B9C3-3189-6FE5-8DC4CFADED81}" = CCC Help Hungarian
"{C4FA4F86-63E8-9CD5-8CD3-25E4AC0E8861}" = Catalyst Control Center Localization Finnish
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C63225DD-4956-D968-E563-30371AA23FD8}" = Skins
"{C7D5F833-4603-B3A3-4DB7-178022D73CC6}" = Catalyst Control Center Localization Dutch
"{CC4AD2ED-C8C8-6548-BAB0-59058B3FA658}" = Catalyst Control Center Localization Greek
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE5EB718-FCD1-410F-AC69-2EDCF63119BE}" = Autodesk License Manager 1.0.31
"{D04DA284-0680-277B-832E-B795D9302F8D}" = CCC Help Turkish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D5B90069-DC5F-E482-D86A-B0CBBBD0E50E}" = CCC Help Russian
"{DF7A3C71-08FD-9154-BF1C-81BC491F4C2C}" = CCC Help French
"{E3805F9D-0C4E-47EF-B554-2FE75ADFD4DB}" = TSR Workshop
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA78289C-35D1-10D4-CA0D-7C653B2E212A}" = Catalyst Control Center Localization Hungarian
"{EAE06CC6-8838-CA77-347C-BD3E9DEC6C93}" = Catalyst Control Center Localization Italian
"{EB18E9CE-A633-1192-BDF6-4EA15DA97785}" = Catalyst Control Center Graphics Light
"{ECA47E2A-51B0-2F2F-67D3-A2A0639092B1}" = Catalyst Control Center Localization Korean
"{ED5085E1-BA8E-1464-2E3D-400086526EDE}" = Catalyst Control Center Localization Thai
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FFA58E6D-8053-18D7-C9BB-C76312C1E12C}" = CCC Help Korean
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AI RoboForm" = AI RoboForm (All Users)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Artisteer 2" = Artisteer 2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EA Download Manager" = EA Download Manager
"EPSON Scanner" = EPSON Scan
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 1.34
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"SecondLife" = SecondLife (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"FamilySearch Indexing" = FamilySearch Indexing
"Uninstall FamilySearch Indexing" = Uninstall FamilySearch Indexing

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2010 11:43:32 PM | Computer Name = Anita-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2010 9:05:16 PM | Computer Name = Anita-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/30/2010 2:41:02 AM | Computer Name = Anita-PC | Source = Application Error | ID = 1000
Description = Faulting application iTunes.exe, version 9.0.3.15, time stamp 0x4b590a69,
faulting module iTunes.dll, version 9.0.3.15, time stamp 0x4b590a4b, exception
code 0xc0000005, fault offset 0x00591a0e, process id 0x158c, application start time
0x01cacfc86f7c5d0d.

Error - 4/2/2010 9:21:46 PM | Computer Name = Anita-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/3/2010 3:21:03 PM | Computer Name = Anita-PC | Source = VSS | ID = 8194
Description =

Error - 4/4/2010 1:11:41 PM | Computer Name = Anita-PC | Source = VSS | ID = 8194
Description =

Error - 4/4/2010 9:09:45 PM | Computer Name = Anita-PC | Source = VSS | ID = 8194
Description =

Error - 4/7/2010 2:10:53 PM | Computer Name = Anita-PC | Source = VSS | ID = 8194
Description =

Error - 4/7/2010 10:18:28 PM | Computer Name = Anita-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp 0x4bb4be02,
faulting module jvm.dll, version 14.3.0.1, time stamp 0x4ad1ccc7, exception code
0xc0000005, fault offset 0x000c6542, process id 0xa94, application start time 0x01cad37b55a3b270.

Error - 4/12/2010 4:07:00 PM | Computer Name = Anita-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3743, time stamp 0x4bb4be02,
faulting module xul.dll, version 1.9.2.3743, time stamp 0x4bb4bdc1, exception code
0xc0000005, fault offset 0x001a91ed, process id 0x1b68, application start time 0x01cad6c1f2ecfc50.

[ System Events ]
Error - 6/15/2010 3:14:51 AM | Computer Name = Anita-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/15/2010 3:14:52 AM | Computer Name = Anita-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/15/2010 3:37:26 AM | Computer Name = Anita-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 6/15/2010 3:37:26 AM | Computer Name = Anita-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 6/16/2010 2:55:52 AM | Computer Name = Anita-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:16:13 AM on 6/15/2010 was unexpected.

Error - 6/16/2010 2:56:05 AM | Computer Name = Anita-PC | Source = HTTP | ID = 15016
Description =

Error - 6/16/2010 2:56:09 AM | Computer Name = Anita-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.108 for the Network Card with network
address 00242B610CE4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/16/2010 2:57:08 AM | Computer Name = Anita-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2010 2:57:08 AM | Computer Name = Anita-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/16/2010 2:57:08 AM | Computer Name = Anita-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >


It seems to start crashing after it runs a while.. then just get worse.

Thanks again!

Edited by cloudywithachance, 16 June 2010 - 07:21 PM.
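The log above ends with the firewall exception list and the last ten event log errors, which is where a helper usually starts triage: any program with an inbound exception that lives outside the normal install locations (the first post describes a svchost.exe under \windows\temp, which is exactly that pattern), plus the EventLog 6008 "unexpected shutdown" and Ntfs 262199 entries (262199 is 0x40037; the low 16 bits are event 55, the corrupt-volume error quoted in the log). The script below is an added example and is not part of the original post or of OTL. It parses lines in OTL's own format; the sample rule and event lines are constructed for illustration, and the list of trusted path prefixes is an assumption that a reviewer would tune.

```python
import re
from collections import Counter

# Added example (not from the original post or from OTL).  Directories where a
# legitimate Windows service host or installed program is expected to live.
# This allow-list is an assumption for illustration and should be tuned.
TRUSTED_PREFIXES = (
    "%systemroot%\\system32\\",
    "c:\\windows\\system32\\",
    "%programfiles%\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# One registry value from the FirewallRules key as OTL prints it:
#   "{guid}" = lport=445 | protocol=6 | dir=in | app=system |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Header line of one entry in the "Last 10 Event Log Errors" section.
EVENT_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)

# (source, id) pairs that point at crashes or disk damage rather than noise.
# OTL prints the full qualifier+ID for Ntfs (262199 = 0x40037); the low 16
# bits are event 55, "file system structure on the disk is corrupt".
NOTABLE_EVENTS = {("EventLog", 6008), ("Ntfs", 262199)}


def parse_rule(line):
    """Split one FirewallRules line into a dict of lower-cased fields."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {"name": m.group("name")}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip().lower()
    return fields


def suspicious_rules(lines):
    """Return (name, dir, app) for rules whose program path is neither the
    kernel ('system') nor under a trusted prefix.  Per-user AppData paths are
    flagged on purpose: an inbound exception for a binary under a user
    profile is exactly the kind of rule a reviewer should look at."""
    flagged = []
    for line in lines:
        rule = parse_rule(line)
        if not rule or "app" not in rule:
            continue
        app = rule["app"]
        if app == "system" or app.startswith(TRUSTED_PREFIXES):
            continue
        flagged.append((rule["name"], rule.get("dir", "?"), app))
    return flagged


def summarise_events(lines):
    """Count (source, id) pairs and return the notable ones with timestamps."""
    counts = Counter()
    notable = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:  # "Description =" continuation lines are skipped
            continue
        key = (m.group("source"), int(m.group("id")))
        counts[key] += 1
        if key in NOTABLE_EVENTS:
            notable.append((m.group("when"), key[0], key[1]))
    return counts, notable


# Constructed sample input in OTL's format (not lines taken from the log above).
SAMPLE_RULES = [
    '"{11111111-0000-0000-0000-000000000001}" = lport=445 | protocol=6 | dir=in | app=system |',
    '"{11111111-0000-0000-0000-000000000002}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |',
    '"{11111111-0000-0000-0000-000000000003}" = protocol=6 | dir=in | app=c:\\program files\\mozilla firefox\\firefox.exe |',
    '"{11111111-0000-0000-0000-000000000004}" = protocol=6 | dir=in | app=c:\\windows\\temp\\svchost.exe |',
    '"{11111111-0000-0000-0000-000000000005}" = protocol=17 | dir=in | app=c:\\users\\example\\appdata\\roaming\\tool\\tool.exe |',
]
SAMPLE_EVENTS = [
    "Error - 6/15/2010 3:37:26 AM | Computer Name = EXAMPLE-PC | Source = Ntfs | ID = 262199",
    "Description = The file system structure on the disk is corrupt and unusable.",
    "Error - 6/16/2010 2:55:52 AM | Computer Name = EXAMPLE-PC | Source = EventLog | ID = 6008",
    "Error - 6/16/2010 2:57:08 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000",
    "Error - 6/16/2010 2:57:08 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000",
]

if __name__ == "__main__":
    for name, direction, app in suspicious_rules(SAMPLE_RULES):
        print(f"REVIEW  dir={direction:3} {app}   ({name})")
    counts, notable = summarise_events(SAMPLE_EVENTS)
    for (source, eid), n in sorted(counts.items()):
        print(f"{n:3}x {source} {eid}")
    for when, source, eid in notable:
        print(f"NOTABLE {when}  {source} {eid}")
```

To use it on a real log, read OTL.txt into a list of lines and pass the firewall section to suspicious_rules and the event section to summarise_events. The two constructed rules it flags are the svchost.exe under \windows\temp and the per-user AppData binary; the legitimate svchost.exe under system32 and the Program Files entry pass. A path check like this is a triage filter, not a verdict: a flagged rule means "look at that file", and a clean list does not rule out a rootkit that hides its files from the registry view.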

#6 cloudywithachance (Topic Starter, New Member, 9 posts)
I tried to edit the last post to add this info, but it didn't show up.

I renamed the DAEMON Tools file because I read it was giving other people trouble with startup, and I also uninstalled DAEMON Tools Lite; I don't use it anyway.

The computer started crashing again last night, really badly, after I used a rootkit detector program by Trend Micro. Before it crashed, though, the program had found 1 hidden file.

My Security Center is off; I can't seem to turn it back on.

I also noticed a proxy DNS in the network setup area; I had to re-enable "Automatically detect settings". I hope you understand what I'm talking about. I'm trying to hurry and get this done before the computer happens to crash, since it's been running for a little bit now. It seems to crash after I do anything major on it besides browsing files.

In Task Manager, I noticed Firefox is using 97,000K with just this one window running. That seems really high to me. Strange?

Thank you again for helping me with this. I work online and have been unable to do so since this problem started about a week ago.
#7 RKinner (Malware Expert, MVP, 23,137 posts)
Mostly what I see is File System corruption. Run a disk check again just to make sure the drive is healthy.

1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check.

Then get SIW from
http://www.snapfiles.com/get/siw.html

Save it to your desktop and then right click on it and select Run As Administrator. Once it comes up look under Hardware and then under Sensors. In the right pane there should be several temperature readings. Note them then have the PC do something like a scan or run a dvd for about 5 minutes and check the temps again. Are they going up? How high?

Run:

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click on mbam-setup.exe, select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
6. Type 20 in the 1 to 20 box
7. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

Edited by RKinner, 16 June 2010 - 09:03 PM.

  • 0
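A small triage helper for the two text logs Ron asks for, added here as an example; it is not part of this thread and not code from VEW, ComboFix or Malwarebytes. It parses the four-line report blocks that VEW writes, counts repeating events, pulls out the two that explain a crashing machine (Event 6008 unexpected shutdown, Event 7026 driver failed to load), and separately flags two things in a ComboFix log that a helper looks at first: a ProxyServer setting that points away from the local machine, and an autostart or orphan entry that launches an executable from a Temp folder. The sample logs, the 203.0.113.7 proxy address and the file paths in them are constructed for the example.

```python
"""Triage helper for VEW and ComboFix text logs (added example, not the tools' own code)."""
import re
from collections import Counter

# One VEW entry is four lines: header, type/category, event/source, message.
VEW_ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)[ \t]*\n"
    r"Event: (?P<event_id>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>[^\n]*)"
)

UNEXPECTED_SHUTDOWN = 6008   # EventLog: previous shutdown was unexpected
DRIVER_LOAD_FAILED = 7026    # Service Control Manager: boot/system-start driver failed


def parse_vew(text):
    """Turn VEW's text report into a list of event dicts."""
    text = text.replace("\r\n", "\n")
    events = []
    for m in VEW_ENTRY.finditer(text):
        d = m.groupdict()
        d["event_id"] = int(d["event_id"])
        d["source"] = d["source"].strip()
        events.append(d)
    return events


def summarize_vew(events):
    """Count repeating events and pull out the ones that explain a crash."""
    counts = Counter((e["event_id"], e["source"]) for e in events)
    shutdowns = [e["message"] for e in events if e["event_id"] == UNEXPECTED_SHUTDOWN]
    # The 7026 message ends with "...failed to load: <driver names>".
    failed_drivers = sorted({
        e["message"].rsplit(":", 1)[1].strip()
        for e in events
        if e["event_id"] == DRIVER_LOAD_FAILED and ":" in e["message"]
    })
    return {
        "total": len(events),
        "by_event": counts.most_common(),
        "unexpected_shutdowns": shutdowns,
        "failed_drivers": failed_drivers,
    }


PROXY_LINE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)", re.I)
TEMP_EXE = re.compile(r"\\temp\\[^\s]+\.exe", re.I)


def flag_combofix_settings(text):
    """Return human-readable findings for ComboFix log lines worth a second look."""
    findings = []
    for line in text.splitlines():
        m = PROXY_LINE.search(line)
        # A user-level proxy that is not the local machine can redirect all browsing.
        if m and not m.group("proxy").startswith(("127.", "localhost")):
            findings.append(f"proxy set to remote host: {m.group('proxy')}")
        # Legitimate autostarts do not normally run an .exe out of a Temp folder.
        if TEMP_EXE.search(line):
            findings.append(f"executable run from Temp: {line.strip()}")
    return findings


# Constructed sample in VEW's output format (not copied from a real machine).
SAMPLE_VEW = """\
Log: 'System' Date/Time: 17/06/2010 2:00:48 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 17/06/2010 1:59:51 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:50:56 AM on 17/06/2010 was unexpected.

Log: 'System' Date/Time: 17/06/2010 8:49:12 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd
"""

# Constructed lines in the style of ComboFix's 'Supplementary Scan' and
# 'ORPHANS REMOVED' sections; 203.0.113.7 is a documentation-only address.
SAMPLE_COMBOFIX = """\
uStart Page = hxxp://www.example.com/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 203.0.113.7:51499
HKLM-Run-Printer Monitor - c:\\program files\\Printer\\monitor.exe
MSConfigStartUp-start 1 - c:\\users\\user\\AppData\\Local\\Temp\\svchost.exe
"""

if __name__ == "__main__":
    print(summarize_vew(parse_vew(SAMPLE_VEW)))
    for finding in flag_combofix_settings(SAMPLE_COMBOFIX):
        print("CHECK:", finding)
```

Paste the real VEW output into `SAMPLE_VEW` (or read it from the Notepad file) to get a count of each repeating event instead of reading twenty blocks by eye; a driver that fails to load on every boot and a run of 6008 entries together point at the hard shutdowns, which is why the disk check and the temperature readings are asked for alongside the malware scans.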

#8
cloudywithachance

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi Ron,

Ok, I managed to get everything done..

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4208

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/17/2010 10:55:28 AM
mbam-log-2010-06-17 (10-55-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 359322
Time elapsed: 1 hour(s), 51 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the Combofix log:

ComboFix 10-06-16.04 - Anita 06/17/2010 11:13:14.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1483 [GMT -5:00]
Running from: c:\users\Anita\Desktop\george.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\win.com
c:\windows\WINDOWS
c:\windows\WINDOWS\unzip.exe
c:\windows\WINDOWS\wget.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
.

2010-06-17 16:22 . 2010-06-17 16:22 -------- d-----w- c:\users\Anita\AppData\Local\temp
2010-06-17 16:22 . 2010-06-17 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-17 08:53 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 08:53 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-17 08:24 . 2010-06-17 08:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-17 08:23 . 2010-06-17 08:23 -------- d-----w- c:\users\Anita\AppData\Local\VirtualStore
2010-06-17 02:18 . 2010-06-17 02:18 -------- d-----w- c:\windows\system32\ca-ES
2010-06-17 02:18 . 2010-06-17 02:18 -------- d-----w- c:\windows\system32\eu-ES
2010-06-17 02:18 . 2010-06-17 02:18 -------- d-----w- c:\windows\system32\vi-VN
2010-06-17 02:00 . 2010-06-17 02:00 -------- d-----w- c:\windows\system32\EventProviders
2010-06-17 01:50 . 2009-04-11 06:28 842240 ----a-w- c:\windows\system32\systemcpl.dll
2010-06-17 01:25 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-17 01:25 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-17 01:25 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-17 01:25 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-17 01:25 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-17 01:25 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-17 01:25 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-17 01:25 . 2010-06-17 01:25 -------- d-----w- c:\programdata\Alwil Software
2010-06-17 01:25 . 2010-06-17 01:25 -------- d-----w- c:\program files\Alwil Software
2010-06-16 12:01 . 2010-06-16 12:01 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-16 06:57 . 2010-06-16 06:57 -------- d-----w- c:\users\Anita\AppData\Roaming\Leadertech
2010-06-16 06:56 . 2010-06-16 06:56 0 ----a-w- c:\windows\system32\cd.dat
2010-06-14 12:28 . 2010-06-14 12:30 -------- d-----w- c:\users\Anita\AppData\Roaming\QuickScan
2010-06-14 12:28 . 2010-05-31 21:34 702120 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-06-14 12:28 . 2010-05-31 21:34 868456 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-06-09 13:51 . 2010-06-09 13:51 -------- d-----w- c:\users\Anita\AppData\Roaming\Malwarebytes
2010-06-09 13:51 . 2010-06-17 08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 13:51 . 2010-06-09 13:51 -------- d-----w- c:\programdata\Malwarebytes
2010-06-09 06:42 . 2010-06-09 06:42 -------- d-----w- c:\users\Anita\AppData\Roaming\FireShot
2010-06-08 22:10 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 07:44 . 2010-06-08 07:44 -------- d-----w- c:\users\Anita\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-06-08 07:43 . 2010-06-08 07:44 -------- d-----w- c:\program files\Market Samurai
2010-06-06 23:14 . 2009-10-08 15:31 3204096 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.80.dll
2010-06-06 23:14 . 2009-10-07 23:06 106496 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll
2010-06-06 23:08 . 2009-10-08 15:31 3204096 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2010-06-06 23:08 . 2009-10-07 23:06 106496 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2010-06-06 23:08 . 2009-03-20 04:57 40960 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2010-06-06 23:08 . 2009-09-24 02:29 28672 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2010-06-05 06:42 . 2010-05-23 22:50 73216 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-06-05 06:42 . 2010-04-18 19:33 307200 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-06-05 06:42 . 2010-04-18 19:33 172032 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-06-05 06:28 . 2010-06-08 07:14 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-05 06:27 . 2010-06-05 06:27 691696 ----a-w- c:\windows\system32\drivers\DisabledLisasptd.sys
2010-06-05 06:25 . 2010-06-05 06:41 -------- d-----w- c:\users\Anita\AppData\Roaming\DAEMON Tools Lite
2010-06-05 06:25 . 2010-06-05 06:25 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-01 16:04 . 2010-06-01 16:04 -------- d-----w- c:\program files\Common Files\Java
2010-06-01 16:04 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-30 18:42 . 2010-05-30 18:42 -------- d-----w- c:\program files\Mad Scientist Productions
2010-05-30 18:24 . 2010-06-05 09:37 -------- d-----w- C:\Sims 3 Framework Checker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 08:41 . 2010-04-05 08:40 0 ----a-w- c:\users\Anita\AppData\Local\prvlcl.dat
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-06-17 02:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-06-17 02:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-16 13:24 . 2009-08-19 23:59 1356 ----a-w- c:\users\Anita\AppData\Local\d3d9caps.dat
2010-06-16 11:58 . 2010-04-05 05:55 -------- d-----w- c:\program files\Ask.com
2010-06-11 14:13 . 2010-04-05 05:55 -------- d-----w- c:\users\Anita\AppData\Roaming\BitTorrent
2010-06-11 13:43 . 2010-02-10 11:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-11 13:43 . 2009-10-29 04:20 -------- d-----w- c:\program files\SENuke
2010-06-09 00:13 . 2009-06-03 00:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 00:06 . 2008-12-04 12:42 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 07:39 . 2008-12-04 12:57 -------- d-----w- c:\program files\Acer GameZone
2010-06-08 07:28 . 2010-01-06 02:33 -------- d-----w- c:\program files\Yahoo!
2010-06-08 07:27 . 2010-01-20 22:45 -------- d-----r- c:\program files\Skype
2010-06-08 07:22 . 2008-12-04 12:57 -------- d-----w- c:\program files\Google
2010-06-08 07:21 . 2008-12-04 12:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 07:19 . 2010-05-14 07:00 -------- d-----w- c:\program files\Free Download Manager
2010-06-05 08:05 . 2009-11-13 14:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-05 08:05 . 2009-11-13 14:31 38784 ----a-w- c:\users\Anita\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-05 07:56 . 2009-06-02 16:37 -------- d-----w- c:\programdata\Electronic Arts
2010-06-05 07:38 . 2009-07-31 13:45 -------- d-----w- c:\users\Anita\AppData\Roaming\Azureus
2010-06-05 07:28 . 2009-12-27 04:22 -------- d-----w- c:\program files\Electronic Arts
2010-06-04 02:32 . 2009-07-31 13:40 -------- d-----w- c:\program files\Vuze
2010-06-03 15:25 . 2009-08-14 01:43 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 15:25 . 2009-08-14 01:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 16:04 . 2009-05-11 03:12 -------- d-----w- c:\program files\Java
2010-05-26 17:06 . 2010-06-08 22:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-08 22:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-17 14:02 . 2010-05-10 07:41 110 ----a-w- c:\users\Anita\jobq.dat
2010-05-05 18:56 . 2010-05-05 18:56 -------- d-----w- c:\programdata\WindowsSearch
2010-05-04 05:59 . 2010-06-08 22:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 22:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 22:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 22:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-26 21:38 . 2010-04-26 21:38 -------- d-----w- c:\program files\S3 Ripper
2010-04-23 14:13 . 2010-06-08 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-17 19:45 . 2009-01-30 15:40 72680 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-15 23:54 . 2010-04-15 23:54 2238 ----a-r- c:\users\Anita\AppData\Roaming\Microsoft\Installer\{88DC15A9-2ABB-44F7-A597-E5070E6210E5}\_FDFB831D8CC165CB51705F.exe
2010-04-15 23:54 . 2010-04-15 23:54 2238 ----a-r- c:\users\Anita\AppData\Roaming\Microsoft\Installer\{88DC15A9-2ABB-44F7-A597-E5070E6210E5}\_6FEFF9B68218417F98F549.exe
2010-04-08 03:47 . 2009-05-11 03:14 41 ----a-w- c:\users\Anita\jagex_runescape_preferences.dat
2010-04-08 03:22 . 2010-01-27 04:40 69 ----a-w- c:\users\Anita\jagex_runescape_preferences2.dat
2010-04-08 02:22 . 2010-04-08 02:22 0 ----a-w- c:\users\Anita\jagex__preferences3.dat
2010-04-05 17:01 . 2010-06-08 22:16 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 01:16 . 2009-08-14 01:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-03 01:16 . 2009-08-14 01:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-26 15:33 . 2010-05-13 03:18 1496064 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 15:33 . 2010-05-13 03:18 43008 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 15:33 . 2010-05-13 03:18 339456 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 15:32 . 2010-05-13 03:18 346112 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-02 16:18 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-11-09 12:55 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Anita^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Anita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-26 05:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihaverenamedswg]
2009-01-30 15:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IhaverenamedWMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-23 03:05 846344 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2009-11-16 04:13 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 03:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-30 15:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 03:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-01-30 16:34 1347584 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e6,59,fa,10,f5,0d,cb,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-17 2800669]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-03 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-03 242896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-03 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-03 308064]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0109&m=aspire_5515
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 68.168.215.166:51499
FF - ProfilePath - c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_US&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Anita\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Anita\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Lexmark 4200 Series - c:\program files\Lexmark 4200 Series\lxbmbmgr.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-start 1 - c:\users\Anita\AppData\Local\Temp\svchost.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 11:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2010-06-17 11:28:22
ComboFix-quarantined-files.txt 2010-06-17 16:28

Pre-Run: 13,328,158,720 bytes free
Post-Run: 13,268,848,640 bytes free

- - End Of File - - FDE644D7A813BDD4978C706DB2C7EB35



Here are the VEW logs:


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 17/06/2010 11:46:21 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/06/2010 4:22:55 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/06/2010 4:12:54 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 17/06/2010 4:03:03 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.102 for the Network Card with network address 00242B610CE4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 17/06/2010 2:00:48 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 17/06/2010 2:00:48 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 2:00:48 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 1:59:51 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:50:56 AM on 6/17/2010 was unexpected.

Log: 'System' Date/Time: 17/06/2010 8:49:12 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 17/06/2010 8:49:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 8:49:12 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 8:30:42 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 17/06/2010 8:30:42 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 8:30:42 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 8:26:55 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.

Log: 'System' Date/Time: 17/06/2010 8:17:59 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 8:17:32 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 17/06/2010 8:12:47 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 17/06/2010 8:12:47 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 8:12:47 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/06/2010 8:11:12 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.108 for the Network Card with network address 00242B610CE4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/06/2010 4:03:03 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 17/06/2010 9:23:47 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 17/06/2010 8:28:10 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/06/2010 8:11:12 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB971737(Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB968537(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB961501(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB969897(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB969897(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB970238(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB956744(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB971961(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB968816(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB968816(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB961371(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB970710(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB973540(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB972260(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB972260(Security Update) into Install Requested(Install Requested) state

Log: 'System' Date/Time: 17/06/2010 2:12:14 AM
Type: Warning Category: 0
Event: 4376 Source: Microsoft-Windows-Servicing
Servicing has required reboot to complete the operation of setting package KB971486(Security Update) into Install Requested(Install Requested) state


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 17/06/2010 11:48:21 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/06/2010 4:15:52 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application PEV.exe, version 0.0.0.0, time stamp 0x4bd0e994, faulting module PEV.exe, version 0.0.0.0, time stamp 0x4bd0e994, exception code 0x40000015, fault offset 0x0008d560, process id 0xdb4, application start time 0x01cb0e385a55985d.

Log: 'Application' Date/Time: 17/06/2010 2:00:48 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/06/2010 8:49:11 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/06/2010 8:35:50 AM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "Spooler" service in DLL "C:\Windows\system32\winspool.drv" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 17/06/2010 8:35:49 AM
Type: Error Category: 0
Event: 1017 Source: Microsoft-Windows-Perflib
Disabled performance counter data collection from the "PolicyAgent" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Log: 'Application' Date/Time: 17/06/2010 8:35:49 AM
Type: Error Category: 0
Event: 1005 Source: Microsoft-Windows-Perflib
Unable to locate the open procedure "OpenIPSecPerformanceData" in DLL "C:\Windows\System32\ipsecsvc.dll" for the "PolicyAgent" service. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 17/06/2010 8:35:48 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 17/06/2010 8:35:42 AM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 17/06/2010 8:30:42 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/06/2010 8:13:24 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/06/2010 8:12:46 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 17/06/2010 2:07:52 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH\TRASH\CACHE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 2:07:52 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH\TRASH> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 2:03:24 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH\TRASH\CACHE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 2:03:23 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH\TRASH> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 2:02:31 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH\TRASH\CACHE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 2:02:31 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH\TRASH> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 2:02:28 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\EXTENSIONS\ACCESS PRIVILEGES TEST> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 2:02:21 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 17/06/2010 12:33:31 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/06/2010 8:13:28 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WmiPerfClass, has been registered in the Windows Management Instrumentation namespace root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 17/06/2010 8:13:28 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WmiPerfClass, has been registered in the Windows Management Instrumentation namespace root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/06/2010 1:22:28 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 15/06/2010 7:14:25 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 14/06/2010 12:16:26 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 14/06/2010 3:47:24 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 14/06/2010 3:26:04 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 13/06/2010 9:29:36 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 13/06/2010 12:13:47 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 13/06/2010 12:13:07 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 12/06/2010 11:13:52 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 11/06/2010 5:22:34 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 11/06/2010 4:04:30 PM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 11/06/2010 1:36:28 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 11/06/2010 1:34:05 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 11/06/2010 12:52:12 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 09/06/2010 1:40:45 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 09/06/2010 8:49:44 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 09/06/2010 12:12:01 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3498123923-2966999757-3915773598-1000:
Process 4928 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3498123923-2966999757-3915773598-1000\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 08/06/2010 7:34:04 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 296) cannot be restarted - Application SID does not match Conductor SID..




I couldn't find the temperature readings in SIW, only battery readings. I think it is possibly overheating for some reason though. I have kept it over the A/C vent while running these scans to keep it really nice and cool. It never overheated before this and I could leave it run for days and play Sims 3 without any problems.

In the first attempt at running Malwarebytes, the laptop shut off again. So, I waited a long time for it to cool down and then put it over the vent :)

Another thing that you should know.. I installed Avast and did a boot scan. It found Java:Djewers-N [Trj] in the Java cache googles.class

Thanks again!
  • 0

#9
RKinner


    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
From the Event Log:

"The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report."

This is usually caused by the CPU being too hot. Let's see if it has a reason to be hot:

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


AVG and your HotSpot firewall may be in conflict. First time I've run into HotSpot but I know AVG and Zone Alarm do not get along at all. Can you uninstall HotSpot?

You can uninstall Java for now and then delete the folder Java in C:\Program Files.

Ron
  • 0
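The event log reasoning in the post above, as an added Python example that is not part of the thread or of Vino's Event Viewer: it parses the VEW report format pasted earlier (record headers, section banners, multi-paragraph messages) and pulls out the entries Ron reasons from. The sample input is four entries copied from the report above; the meanings in SIGNALS are this example's own annotations.

```python
"""Triage for the Vino's Event Viewer (VEW) text reports pasted in this thread.
Added example, not part of the thread or of VEW: it parses the
'Log: / Type: / Event: / message' records shown above and flags the entries a
responder reasons from when a laptop keeps shutting itself off."""
import re
from dataclasses import dataclass
from datetime import datetime

# Record header, e.g.  Log: 'System' Date/Time: 17/06/2010 2:00:48 PM
HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*$")
TYPE_RE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)\s*$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+?)\s*$")
# Section banners and the report preamble belong to no record.
BANNER_RE = re.compile(r"^(~{5,}|'[^']+' Log - |Vino's Event Viewer|Report run at|Note: All dates)")

@dataclass
class Event:
    log: str
    when: datetime
    type: str
    category: int
    event_id: int
    source: str
    message: str

def parse_vew(text: str) -> list[Event]:
    """Parse a VEW report. A message may span several paragraphs (the
    Windows Search 3013 entries do), so a record ends only at the next
    record header or at a section banner, never at a blank line."""
    events, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        t = TYPE_RE.match(lines[i + 1]) if m and i + 2 < len(lines) else None
        e = EVENT_RE.match(lines[i + 2]) if t else None
        if not e:
            i += 1          # not a well-formed record header: keep scanning
            continue
        i, body = i + 3, []
        while i < len(lines) and not (HEADER_RE.match(lines[i]) or BANNER_RE.match(lines[i])):
            body.append(lines[i])
            i += 1
        events.append(Event(
            log=m["log"],
            when=datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),  # VEW uses dd/mm/yyyy
            type=t["type"], category=int(t["cat"]),
            event_id=int(e["event"]), source=e["source"],
            message="\n".join(body).strip()))
    return events

# (source, event id) pairs that matter for this symptom set, and what they mean.
SIGNALS = {
    ("EventLog", 6008): "unexpected shutdown: the system went down without a clean shutdown",
    ("Microsoft-Windows-Kernel-Processor-Power", 7): "firmware is throttling the CPU, usually because it is running too hot",
    ("Microsoft-Windows-WMI", 10): "WMI event filter could not be reactivated; the cue to reset the WMI repository",
    ("Service Control Manager", 7026): "boot-start driver failed to load",
}

def triage(events: list[Event]) -> list[tuple[str, Event]]:
    """Return (meaning, event) for every signal event, oldest first."""
    hits = [(SIGNALS[(ev.source, ev.event_id)], ev) for ev in events
            if (ev.source, ev.event_id) in SIGNALS]
    return sorted(hits, key=lambda h: h[1].when)

# Sample report: four entries copied from the thread's own VEW output.
SAMPLE = r"""~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/06/2010 2:00:48 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 17/06/2010 1:59:51 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 4:50:56 AM on 6/17/2010 was unexpected.

Log: 'System' Date/Time: 17/06/2010 9:23:47 AM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'Application' Date/Time: 17/06/2010 2:07:52 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\ANITA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\W43GYYXM.DEFAULT\CACHE.TRASH> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
"""

if __name__ == "__main__":
    for meaning, ev in triage(parse_vew(SAMPLE)):
        print(f"{ev.when:%d/%m/%Y %I:%M:%S %p}  {ev.source} {ev.event_id}: {meaning}")
```

Run against a full report, the same loop shows the single 6008 and the throttling warning standing out from the per-boot sptd, spooler and DHCP noise.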

#10
cloudywithachance


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the file from process manager:

Process PID CPU Private Bytes Working Set Description Company Name
svchost.exe 1108 32.86 177,440 K 181,432 K Host Process for Windows Services Microsoft Corporation
System Idle Process 0 21.43 0 K 24 K
TrustedInstaller.exe 3864 17.14 20,348 K 22,988 K Windows Modules Installer Microsoft Corporation
firefox.exe 3456 8.57 122,536 K 138,012 K Firefox Mozilla Corporation
avgcsrvx.exe 3212 8.57 8,860 K 11,028 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
procexp.exe 3868 4.29 15,744 K 21,336 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 2.86 0 K 0 K Hardware Interrupts
svchost.exe 1024 1.43 16,400 K 11,764 K Host Process for Windows Services Microsoft Corporation
svchost.exe 900 1.43 2,808 K 5,612 K Host Process for Windows Services Microsoft Corporation
services.exe 648 1.43 2,464 K 6,308 K Services and Controller app Microsoft Corporation
wuauclt.exe 2020 2,492 K 4,892 K Windows Update Microsoft Corporation
wmpnscfg.exe 2076 1,452 K 4,276 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
wmpnetwk.exe 2956 6,304 K 10,468 K Windows Media Player Network Sharing Service Microsoft Corporation
WmiPrvSE.exe 3000 3,084 K 5,552 K WMI Provider Host Microsoft Corporation
winlogon.exe 616 1,284 K 4,136 K Windows Logon Application Microsoft Corporation
wininit.exe 560 1,156 K 3,732 K Windows Start-Up Application Microsoft Corporation
wermgr.exe 3648 3,416 K 7,488 K Windows Problem Reporting Microsoft Corporation
unsecapp.exe 2904 2,096 K 3,896 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
taskeng.exe 456 1,824 K 5,496 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 1212 8,856 K 8,968 K Task Scheduler Engine Microsoft Corporation
System 4 0 K 101,496 K
svchost.exe 1412 14,932 K 14,676 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1092 53,736 K 57,724 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1848 6,288 K 10,488 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2180 1,440 K 4,068 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1272 6,124 K 10,684 K Host Process for Windows Services Microsoft Corporation
svchost.exe 824 2,644 K 5,608 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1216 1,716 K 4,492 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2068 2,100 K 5,088 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2100 3,272 K 5,808 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 3688 8,556 K 15,312 K Spooler SubSystem App Microsoft Corporation
smss.exe 428 256 K 692 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1236 5,360 K 10,336 K Microsoft Software Licensing Service Microsoft Corporation
SearchIndexer.exe 2200 38,844 K 11,228 K Microsoft Windows Search Indexer Microsoft Corporation
RtkBtMnt.exe 3008 2,336 K 3,612 K Realtek HD Audio Data Rerouter Realtek Semiconductor Corp.
RtHDVCpl.exe 1504 10,440 K 10,068 K HD Audio Control Panel Realtek Semiconductor
lsm.exe 668 1,704 K 3,592 K Local Session Manager Service Microsoft Corporation
lsass.exe 660 2,848 K 1,172 K Local Security Authority Process Microsoft Corporation
explorer.exe 572 24,392 K 27,660 K Windows Explorer Microsoft Corporation
dwm.exe 448 1,068 K 3,652 K Desktop Window Manager Microsoft Corporation
DPCs n/a 0 K 0 K Deferred Procedure Calls
csrss.exe 568 9,604 K 10,524 K Client Server Runtime Process Microsoft Corporation
csrss.exe 496 1,688 K 5,772 K Client Server Runtime Process Microsoft Corporation
avgwdsvc.exe 1596 7,128 K 2,540 K AVG Watchdog Service AVG Technologies CZ, s.r.o.
avgtray.exe 1376 4,916 K 2,292 K AVG Tray Monitor AVG Technologies CZ, s.r.o.
avgrsx.exe 3108 2,136 K 908 K AVG Resident Shield Service AVG Technologies CZ, s.r.o.
avgnsx.exe 2588 9,880 K 2,636 K AVG Network scanner Service AVG Technologies CZ, s.r.o.
avgemc.exe 2548 5,912 K 1,560 K AVG E-Mail Scanner AVG Technologies CZ, s.r.o.
avgcsrvx.exe 3176 3,172 K 5,912 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.
avgchsvx.exe 3084 49,256 K 6,644 K AVG Cache Server AVG Technologies CZ, s.r.o.
AvastUI.exe 1424 11,180 K 7,788 K avast! Antivirus ALWIL Software
AvastSvc.exe 1528 23,664 K 45,056 K avast! Service ALWIL Software
audiodg.exe 1196 15,664 K 16,056 K Windows Audio Device Graph Isolation Microsoft Corporation

_______________________

When I killed these processes, which were using a lot of CPU.. things settled down:
wmpnscfg.exe 2076 1,452 K 4,276 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
wmpnetwk.exe 2956 6,304 K 10,468 K Windows Media Player Network Sharing Service Microsoft Corporation


I also got this error message:

Spooler SubSystem App stopped working and was closed.
A problem caused the application to stop working correctly.
Windows will notify you if a solution is available.
(Data execution prevention stopped this to protect my computer.. in another popup when I closed that error message)

I will uninstall Hotspot shield and Java.

I did notice that I had a svchost.exe in my temp folder before and there was reference to it in the startup programs, which I unchecked so that it wouldn't start.

Edited by cloudywithachance, 18 June 2010 - 09:09 PM.

  • 0


#11
RKinner


    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
If you click on the first svchost I think it will give you more information about what modules it is running. It is taking up way too much CPU.

Get the Windows Installer CleanUp Utility from

http://download.micr...1bd/msicuu2.exe

Save and Run it. You have something trying to install that seems to be stuck. Perhaps if you use the utility to remove the last install that might help.

Ron
  • 0

#12
cloudywithachance


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It has installed 2 more updates already since then.. should I still undo the one before I started having trouble?

Keep in mind that my son has the same laptop as me (exactly) and his laptop started acting up doing the same thing as mine does about 7 hours before mine. We are running a home network here from a Linksys router.

I took some screenshots of that svchost.exe attached them to this message so you can see what is going on with that.

Thanks again,

Lisa

Attached Thumbnails

  • svchost.jpg
  • svchost2.jpg
  • svchost3.jpg

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
The current process explorer is not showing a problem. Perhaps the latest updates fixed the problem. I went back through your logs and it appears you installed avg without uninstalling Avast. Then you said you installed Avast. Make sure you have uninstalled AVG. Then download, save & run the AVG removal tool.
http://download.avg..../avgremover.exe

We only want one anti-virus. Two or more will fight each other. In the future do not make any changes unless I ask you to. Also do not run any scans unless I ask for them.

I see a problem with WMI so let's clean it up:

Open an elevated Command Prompt window. To do so, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

Type this command and press Enter:

net stop winmgmt

Using Windows Explorer, (right click on start and select Explore) rename the folder c:\windows\System32\Wbem\Repository. (For example, c:\windows\System32\Wbem\Repository_bad). %windir% represents the path to the Windows directory, which is typically C:\Windows. (These instructions are from Microsoft. If you have problems with the explorer part let me know and I will walk you through it.)

Switch back to the Command Prompt window, and type the following and press ENTER after each line:

net start winmgmt

EXIT

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Select Windows Logs. Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application.

Now we will clean up the daemon tools and remove windows media player since it's sick.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

File::
c:\windows\System32\Drivers\sptd.sys

Driver::
sptd

Folder::
c:\program files\DAEMON Tools Lite
c:\program files\Windows Media Player

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

Finally run VEW.exe as before and post the logs.

Ron
  • 0
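The WMI repository rebuild and event-log clearing Ron describes above, written out as one elevated PowerShell script with the checks a technician would want around it. This is an added example, not something posted in the thread or taken from Microsoft's article; it assumes the default %windir% location, the built-in winmgmt service name, and a Vista-era PowerShell 2.0 (hence Get-WmiObject rather than Get-CimInstance). The `winmgmt /verifyrepository` switch is the repository consistency check shipped with winmgmt.exe on Vista and later.

```powershell
# Added example (not from the thread): rebuild the WMI repository the way the
# post above does it (stop winmgmt, rename Repository, start winmgmt), then
# verify WMI actually works again and clear the System/Application logs.
# Assumptions: default %windir%, service name "winmgmt", PowerShell 2.0+.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell window (Run as administrator).'
}

$winmgmtExe = Join-Path $env:windir 'System32\wbem\winmgmt.exe'
$repo       = Join-Path $env:windir 'System32\wbem\Repository'
# Timestamped name so repeated attempts never collide with an earlier backup.
$backupName = 'Repository_bad_' + (Get-Date -Format 'yyyyMMdd_HHmmss')

# 1. Record what WMI thinks of the repository before touching anything.
Write-Host 'Repository state before rebuild:'
& $winmgmtExe /verifyrepository

# 2. Stop winmgmt. -Force also stops the services that depend on it (Security
#    Center, IP Helper, ...); remember which ones were running so we can restart them.
$dependents = (Get-Service -Name winmgmt).DependentServices |
              Where-Object { $_.Status -eq 'Running' } |
              ForEach-Object { $_.Name }
Stop-Service -Name winmgmt -Force -ErrorAction Stop

# 3. Rename rather than delete: if the rebuilt repository is missing classes
#    that installed software registered, the old one can be put back.
if (Test-Path -Path $repo) {
    Rename-Item -Path $repo -NewName $backupName -ErrorAction Stop
    Write-Host "Old repository moved to $(Join-Path (Split-Path $repo) $backupName)"
} else {
    Write-Warning "No repository folder found at $repo; winmgmt will create a fresh one."
}

# 4. Start winmgmt. On start it creates an empty repository and re-registers the
#    MOF files on its autorecover list; allow a minute for that to finish.
Start-Service -Name winmgmt -ErrorAction Stop
foreach ($name in $dependents) {
    Start-Service -Name $name -ErrorAction SilentlyContinue
}

# 5. Verify: the consistency check should pass and a basic query must answer.
Write-Host 'Repository state after rebuild:'
& $winmgmtExe /verifyrepository
$os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction SilentlyContinue
if ($os) {
    Write-Host "WMI is answering queries again: $($os.Caption) build $($os.BuildNumber)"
} else {
    Write-Warning 'WMI query failed after the rebuild; stop winmgmt, restore the _bad folder and retry.'
}

# 6. Clear the System and Application logs as the post asks, so the next
#    Event Viewer / VEW pass only shows events produced after the rebuild.
foreach ($log in 'System', 'Application') {
    Clear-EventLog -LogName $log
    Write-Host "Cleared the $log log."
}
```

The only behavioural difference from the manual steps in the post is the verification in step 5: a rebuilt repository that passes `/verifyrepository` but cannot answer a `Win32_OperatingSystem` query usually means winmgmt was started before the rename completed, and the fix is simply to repeat steps 2 to 4.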

#14
cloudywithachance

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi Ron,

I've done everything in the last post, except for uninstalling Windows Media Player 11. I couldn't find an option to uninstall it anywhere, so I did some checking on Google and it seems that it is part of Vista and cannot be uninstalled.

I am still running with only the Windows services and firewall/virus protection services enabled, should I switch back to completely normal startup or just leave it as is yet?

Here are the log files requested:


ComboFix 10-06-16.04 - Anita 06/23/2010 12:19:53.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1914 [GMT -5:00]
Running from: c:\users\Anita\Desktop\george.exe
Command switches used :: c:\users\Anita\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\System32\Drivers\sptd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPTD
-------\Service_sptd


((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 17:31 . 2010-06-23 17:34 -------- d-----w- c:\users\Anita\AppData\Local\temp
2010-06-23 17:31 . 2010-06-23 17:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-23 17:31 . 2010-06-23 17:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-23 17:31 . 2010-06-23 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-23 17:11 . 2010-06-23 17:33 -------- d-----w- c:\windows\system32\wbem\repository
2010-06-19 09:39 . 2010-06-19 09:39 -------- d-----w- c:\users\Anita\AppData\Roaming\PeerNetworking
2010-06-19 04:58 . 2010-06-19 12:01 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-19 04:12 . 2010-06-19 04:12 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-06-19 04:12 . 2010-06-19 04:12 -------- d-----w- c:\program files\MSECACHE
2010-06-19 03:42 . 2010-06-19 03:42 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-19 03:34 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-06-19 03:33 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-06-19 03:33 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-06-19 03:33 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-06-19 02:33 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-06-19 02:33 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-19 02:33 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-17 08:53 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-17 08:53 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-17 08:24 . 2010-06-17 08:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-17 08:23 . 2010-06-17 08:23 -------- d-----w- c:\users\Anita\AppData\Local\VirtualStore
2010-06-17 02:18 . 2010-06-17 02:18 -------- d-----w- c:\windows\system32\ca-ES
2010-06-17 02:18 . 2010-06-17 02:18 -------- d-----w- c:\windows\system32\eu-ES
2010-06-17 02:18 . 2010-06-17 02:18 -------- d-----w- c:\windows\system32\vi-VN
2010-06-17 02:00 . 2010-06-17 02:00 -------- d-----w- c:\windows\system32\EventProviders
2010-06-17 01:50 . 2009-04-11 06:28 842240 ----a-w- c:\windows\system32\systemcpl.dll
2010-06-17 01:25 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-17 01:25 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-17 01:25 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-17 01:25 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-17 01:25 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-17 01:25 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-17 01:25 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-17 01:25 . 2010-06-17 01:25 -------- d-----w- c:\programdata\Alwil Software
2010-06-17 01:25 . 2010-06-17 01:25 -------- d-----w- c:\program files\Alwil Software
2010-06-16 12:01 . 2010-06-16 12:01 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-16 06:57 . 2010-06-16 06:57 -------- d-----w- c:\users\Anita\AppData\Roaming\Leadertech
2010-06-16 06:56 . 2010-06-16 06:56 0 ----a-w- c:\windows\system32\cd.dat
2010-06-14 12:28 . 2010-06-14 12:30 -------- d-----w- c:\users\Anita\AppData\Roaming\QuickScan
2010-06-09 13:51 . 2010-06-09 13:51 -------- d-----w- c:\users\Anita\AppData\Roaming\Malwarebytes
2010-06-09 13:51 . 2010-06-17 08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 13:51 . 2010-06-09 13:51 -------- d-----w- c:\programdata\Malwarebytes
2010-06-09 06:42 . 2010-06-09 06:42 -------- d-----w- c:\users\Anita\AppData\Roaming\FireShot
2010-06-08 22:10 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 07:44 . 2010-06-08 07:44 -------- d-----w- c:\users\Anita\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2010-06-08 07:43 . 2010-06-08 07:44 -------- d-----w- c:\program files\Market Samurai
2010-06-05 06:28 . 2010-06-08 07:14 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-06-05 06:27 . 2010-06-05 06:27 691696 ----a-w- c:\windows\system32\drivers\DisabledLisasptd.sys
2010-06-05 06:25 . 2010-06-05 06:41 -------- d-----w- c:\users\Anita\AppData\Roaming\DAEMON Tools Lite
2010-06-05 06:25 . 2010-06-05 06:25 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-06-01 16:04 . 2010-06-01 16:04 -------- d-----w- c:\program files\Common Files\Java
2010-06-01 16:04 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-30 18:42 . 2010-05-30 18:42 -------- d-----w- c:\program files\Mad Scientist Productions
2010-05-30 18:24 . 2010-06-05 09:37 -------- d-----w- C:\Sims 3 Framework Checker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 15:41 . 2010-04-05 08:40 0 ----a-w- c:\users\Anita\AppData\Local\prvlcl.dat
2010-06-19 04:12 . 2010-06-19 04:12 3584 ----a-r- c:\users\Anita\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-06-19 03:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-19 03:41 . 2010-06-19 03:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-06-19 03:41 . 2010-06-19 03:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-06-17 02:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-06-17 02:19 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-06-16 13:24 . 2009-08-19 23:59 1356 ----a-w- c:\users\Anita\AppData\Local\d3d9caps.dat
2010-06-16 11:58 . 2010-04-05 05:55 -------- d-----w- c:\program files\Ask.com
2010-06-11 14:13 . 2010-04-05 05:55 -------- d-----w- c:\users\Anita\AppData\Roaming\BitTorrent
2010-06-11 13:43 . 2010-02-10 11:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-11 13:43 . 2009-10-29 04:20 -------- d-----w- c:\program files\SENuke
2010-06-09 00:13 . 2009-06-03 00:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 00:06 . 2008-12-04 12:42 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 07:39 . 2008-12-04 12:57 -------- d-----w- c:\program files\Acer GameZone
2010-06-08 07:28 . 2010-01-06 02:33 -------- d-----w- c:\program files\Yahoo!
2010-06-08 07:27 . 2010-01-20 22:45 -------- d-----r- c:\program files\Skype
2010-06-08 07:22 . 2008-12-04 12:57 -------- d-----w- c:\program files\Google
2010-06-08 07:21 . 2008-12-04 12:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-08 07:19 . 2010-05-14 07:00 -------- d-----w- c:\program files\Free Download Manager
2010-06-05 08:05 . 2009-11-13 14:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-05 08:05 . 2009-11-13 14:31 38784 ----a-w- c:\users\Anita\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-05 07:56 . 2009-06-02 16:37 -------- d-----w- c:\programdata\Electronic Arts
2010-06-05 07:38 . 2009-07-31 13:45 -------- d-----w- c:\users\Anita\AppData\Roaming\Azureus
2010-06-05 07:28 . 2009-12-27 04:22 -------- d-----w- c:\program files\Electronic Arts
2010-06-04 02:32 . 2009-07-31 13:40 -------- d-----w- c:\program files\Vuze
2010-05-31 21:34 . 2010-06-14 12:28 702120 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 21:34 . 2010-06-14 12:28 868456 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-26 17:06 . 2010-06-08 22:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-08 22:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 22:50 . 2010-06-05 06:42 73216 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
2010-05-21 19:14 . 2009-10-08 20:50 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-17 14:02 . 2010-05-10 07:41 110 ----a-w- c:\users\Anita\jobq.dat
2010-05-05 18:56 . 2010-05-05 18:56 -------- d-----w- c:\programdata\WindowsSearch
2010-05-04 05:59 . 2010-06-08 22:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 22:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 22:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 22:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-26 21:38 . 2010-04-26 21:38 -------- d-----w- c:\program files\S3 Ripper
2010-04-23 14:13 . 2010-06-08 22:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-18 19:33 . 2010-06-05 06:42 307200 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-04-18 19:33 . 2010-06-05 06:42 172032 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-04-17 19:45 . 2009-01-30 15:40 72680 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-15 23:54 . 2010-04-15 23:54 2238 ----a-r- c:\users\Anita\AppData\Roaming\Microsoft\Installer\{88DC15A9-2ABB-44F7-A597-E5070E6210E5}\_FDFB831D8CC165CB51705F.exe
2010-04-15 23:54 . 2010-04-15 23:54 2238 ----a-r- c:\users\Anita\AppData\Roaming\Microsoft\Installer\{88DC15A9-2ABB-44F7-A597-E5070E6210E5}\_6FEFF9B68218417F98F549.exe
2010-04-08 03:47 . 2009-05-11 03:14 41 ----a-w- c:\users\Anita\jagex_runescape_preferences.dat
2010-04-08 03:22 . 2010-01-27 04:40 69 ----a-w- c:\users\Anita\jagex_runescape_preferences2.dat
2010-04-08 02:22 . 2010-04-08 02:22 0 ----a-w- c:\users\Anita\jagex__preferences3.dat
2010-04-05 17:01 . 2010-06-08 22:16 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-03-26 15:33 . 2010-05-13 03:18 1496064 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 15:33 . 2010-05-13 03:18 43008 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 15:33 . 2010-05-13 03:18 339456 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 15:32 . 2010-05-13 03:18 346112 ----a-w- c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Anita^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Anita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-26 05:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihaverenamedswg]
2009-01-30 15:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IhaverenamedWMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-23 03:05 846344 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2009-11-16 04:13 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-07-03 03:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-30 15:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 03:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2009-01-30 16:34 1347584 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e6,59,fa,10,f5,0d,cb,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R4 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-17 2800669]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0109&m=aspire_5515
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 68.168.215.166:51499
FF - ProfilePath - c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_US&q=
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\Anita\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Anita\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: c:\users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-FamilySearch Indexing - c:\windows\system32\javaws.exe
AddRemove-Uninstall FamilySearch Indexing - c:\windows\system32\javaws.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 12:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2672)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-06-23 12:42:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-23 17:42
ComboFix2.txt 2010-06-17 16:28

Pre-Run: 14,321,975,296 bytes free
Post-Run: 13,926,641,664 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - A79C9BEC3141B4C5F571A5DDAAB239F5


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=980a5b8dd8281d43b154c2a05c070fc9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-23 09:50:30
# local_time=2010-06-23 04:50:30 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1026 16777214 0 2 6136449 6136449 0 0
# compatibility_mode=5892 16776573 100 100 0 113923050 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=244751
# found=1
# cleaned=1
# scan_time=14352
C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7ab0e894-4035ecc1 a variant of Java/TrojanDownloader.Agent.NBA trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7ab0e894-4035ecc1 a variant of Java/TrojanDownloader.Agent.NBA trojan deleted - quarantined



Bit Defender
QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Wed Jun 23 17:16:35 2010
Machine ID: 5292974E

C:\Windows\system32\ivireg.ivr - could not be scanned


No infection found.
-------------------



Processes
---------
<verified> avast! Antivirus 3232 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
<verified> Firefox 2956 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> HD Audio Control Panel 3244 C:\Windows\RtHDVCpl.exe
<verified> Microsoft® Windows® Operating System 2672 C:\Windows\Explorer.exe
<verified> Microsoft® Windows® Operating System 476 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 3048 C:\Windows\system32\NOTEPAD.EXE
<verified> Microsoft® Windows® Operating System 2368 C:\Windows\system32\taskeng.exe
<verified> Microsoft® Windows® Operating System 1584 C:\Windows\system32\wbem\unsecapp.exe


Network activity
----------------


Autoruns and critical files
---------------------------
<verified> avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
<verified> HD Audio Control Panel C:\Windows\RtHDVCpl.exe
<verified> Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Realtek Voice Manager C:\Windows\Skytel.exe
<verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> FireShot C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.80.dll
<unsigned> FireShot C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
<unsigned> FireShot for Internet Explorer c:\users\anita\appdata\roaming\mozilla\firefox\profiles\w43gyyxm.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
<unsigned> FireShot for Internet Explorer C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
<unsigned> fireshot-install.exe C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
<unsigned> frozen.dll C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> googletoolbar-ff2.dll C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
<unsigned> googletoolbar-ff3.dll C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned> googletoolbarloader.dll C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned> IE Tab Plug-in C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<unsigned> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
<unsigned> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> BitDefender QuickScan C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<verified> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<verified> Fast Search c:\program files\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll
<verified> Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
<verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> RoboForm c:\program files\siber systems\ai roboform\roboform.dll
<verified> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified> Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll


Missing files
-------------
File not found: C:\Users\Anita\AppData\Local\Temp\mbr.sys
referenced in: HKLM\System\ControlSet001\services\mbr\"ImagePath"

File not found: C:\Windows\System32\appmgmts.dll
referenced in: HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: C:\george\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"


Scan
----
<unsigned> MD5: 1e1a308f4229fab0011a0745ee8377ae C:\Acer\Mobility Center\MobilityService.exe
<unsigned> MD5: 20b2c339361e82a6707533bac481fce4 C:\Program Files\7-Zip\7-zip.dll
<unsigned> MD5: f25247d0e011a643ee60052ce23be05e C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
<unsigned> MD5: 292f92469efb2fd402e00742c06d539d C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> MD5: 87af77718e3bfb5a7766f575609c057a C:\Program Files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
<unsigned> MD5: 793ff718477345cd5d232c50bed1e452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> MD5: 30c11d027da6df390772146490273fd1 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 2cb7c019a1ab8ea3d281c9606d097331 C:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<unsigned> MD5: 26b018758226a5dc06de45496c394d40 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 9dfb30f203999a3ae0f258a33fa598f9 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 5d10887c550ab149a7d0e0c2438b8655 C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> MD5: eed2ce7bd9e43b8500d906d944460d22 C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
<unsigned> MD5: 1fd6c03c0001a5e1eaf61596c2502f0c C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: a2b6583a5652a385dff5e4f49ad48761 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
<unsigned> MD5: 09e6affae6c0e9158bf05c7d08d0107a C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
<unsigned> MD5: 40b87fe8a1a9a5ac9e5a91d96f212bcd C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
<unsigned> MD5: 37ef1e72eda88258a60ac7f3ba53381e C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
<unsigned> MD5: 7659f46f35a8d014eff3c88aba996982 c:\users\anita\appdata\roaming\mozilla\firefox\profiles\w43gyyxm.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
<unsigned> MD5: 7659f46f35a8d014eff3c88aba996982 C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
<unsigned> MD5: 82b1e5339cc613134a60efcc7c486d57 C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.80.dll
<unsigned> MD5: 82b1e5339cc613134a60efcc7c486d57 C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
<unsigned> MD5: 303b4ee945319406bf428d2738dc9647 C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
<unsigned> MD5: 9f5ad06d6565599d42880cfd6bc06599 C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> MD5: 826b6e50523526fc181813cc877a3ffe C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned> MD5: dd82ac3d4044085314a76cacfe22650f C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
<unsigned> MD5: b915513d49997ac7c87872b511c9b0d2 C:\Users\Anita\AppData\Roaming\Mozilla\Firefox\Profiles\w43gyyxm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned> MD5: 9da67cb56968f377098ae0c1f7dff971 C:\Windows\system32\GameMon.des


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.04 MB sent, 1.78 KB recvd
Scanned 835 files and modules - 47 seconds

==============================================================================



VEW

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/06/2010 5:27:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/06/2010 5:33:51 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 23/06/2010 5:31:29 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 23/06/2010 5:31:19 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 23/06/2010 5:22:52 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

Log: 'System' Date/Time: 23/06/2010 5:19:33 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/06/2010 5:19:33 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/06/2010 5:19:33 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/06/2010 5:19:33 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 23/06/2010 5:19:08 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/06/2010 5:53:23 PM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 23/06/2010 5:31:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 23/06/2010 5:31:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/06/2010 5:22:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application spoolsv.exe, version 6.0.6002.18005, time stamp 0x49e02592, faulting module LEXLMPM.DLL_unloaded, version 0.0.0.0, time stamp 0x4004c55c, exception code 0xc0000005, fault offset 0x100012db, process id 0x814, application start time 0x01cb12f862d716e8.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/06/2010 5:25:46 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (3584) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 34054144 (0x000000000207a000) for 57344 (0x0000e000) bytes succeeded, but took an abnormally long time (127 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 23/06/2010 5:14:43 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WmiPerfClass, has been registered in the Windows Management Instrumentation namespace root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

#15
RKinner
    Malware Expert

  • Expert
  • 23,137 posts
  • MVP
You can turn things back on and see how you do. Your logs still show some ugly problems:

Possible overheating?
Log: 'System' Date/Time: 23/06/2010 5:53:23 PM
Type: Warning Category: 0
Event: 7 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Possible Hard drive failure?
Log: 'Application' Date/Time: 23/06/2010 5:25:46 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (3584) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 34054144 (0x000000000207a000) for 57344 (0x0000e000) bytes succeeded, but took an abnormally long time (127 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

If you haven't already, you need to save your data. Something is dying for sure.

Ron