Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC is beginning to run slow...


  • This topic is locked This topic is locked
17 replies to this topic

#1 Mikazumi

Mikazumi

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 20 May 2009 - 07:47 AM

As my topic says, my PC (also the internet) has suddenly begun to run really slow. My internet also has a tendency to disconnect at times in which my PC is the only one that is disconnected from the internet (There are 4 PCs connected but mine seems to be the only infected one :thumbup2:) Here is my DDS log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Lauren at 20:18:22.17 on Wed 20/05/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.1011 [GMT 8:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Windows\vVX3000.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Users\Lauren\Documents\Downloads\Programs\HiJack This\HiJackThis.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lauren\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [WindowsLivePhone] "c:\progra~1\msnmes~1\device~1\msgrdvmn.exe" /AutoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Corel Painter Essentials 21a] c:\program files\corel\corel painter essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=112107 serial=PE02CBX-0000003-NMD lang=EN
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\lauren\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\fwycjbaw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-19 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-19 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-19 298776]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-12-1 1373480]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2008-11-12 46592]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-05-20 18:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 18:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 18:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-19 20:34 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-19 20:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-19 20:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-19 20:23 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-19 20:23 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-19 20:23 <DIR> --d----- c:\programdata\avg8
2009-05-19 20:23 <DIR> --d----- c:\progra~2\avg8
2009-05-17 15:55 <DIR> a-d----- c:\programdata\TEMP
2009-05-17 15:54 <DIR> --d----- c:\program files\PerformanceTest

==================== Find3M ====================

2009-05-19 21:31 86,016 a------- c:\windows\inf\infstor.dat
2009-05-19 21:31 51,200 a------- c:\windows\inf\infpub.dat
2009-05-19 21:31 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-17 11:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 11:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 11:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 12:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 12:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 12:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 12:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 12:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 12:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 12:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 12:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 12:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 12:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 11:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 10:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 10:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-10-31 06:58 30 a------- c:\users\lauren\jagex_runescape_preferences.dat
2008-08-10 14:34 174 a--sh--- c:\program files\desktop.ini
2008-08-10 14:25 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-15 11:41 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-15 11:41 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-15 11:41 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:20:12.50 ===============

Hopefully you can help me out.

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:17 PM

Posted 01 June 2009 - 11:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Mikazumi

Mikazumi
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 03 June 2009 - 05:53 AM

Hey, thanks for the reply. Computer seems to have gotten faster but better to be safe than sorry! (It also likes to slow down after I say that it's gotten faster) Here's my log and attach:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Lauren at 18:36:21.09 on Wed 03/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.1070 [GMT 8:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\vVX3000.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lauren\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Corel Painter Essentials 21a] c:\program files\corel\corel painter essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=112107 serial=PE02CBX-0000003-NMD lang=EN
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\lauren\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\fwycjbaw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-19 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-19 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-19 298776]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-12-1 1373480]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-4-27 47104]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-5-27 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-05-27 19:14 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
2009-05-27 19:12 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-05-27 19:11 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-25 18:26 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-05-25 17:31 <DIR> --d----- c:\windows\system32\AGEIA
2009-05-25 16:44 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-05-25 15:56 <DIR> --d----- c:\users\lauren\Tracing
2009-05-25 15:55 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-05-25 15:53 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-05-25 15:51 <DIR> --d----- c:\program files\Microsoft
2009-05-25 15:37 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-24 15:49 <DIR> --d----- c:\program files\PerformanceTest
2009-05-22 22:02 157,152 a------- c:\windows\system32\PubPlugin.dll
2009-05-22 22:02 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2009-05-22 22:02 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-05-22 22:02 66,992 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-22 22:02 <DIR> --d----- c:\program files\NHN USA
2009-05-20 18:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 18:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 18:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-19 20:34 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-19 20:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-19 20:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-19 20:23 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-19 20:23 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-19 20:23 <DIR> --d----- c:\programdata\avg8
2009-05-19 20:23 <DIR> --d----- c:\progra~2\avg8
2009-05-17 15:55 <DIR> a-d----- c:\programdata\TEMP

==================== Find3M ====================

2009-05-25 18:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-25 18:07 86,016 a------- c:\windows\inf\infstor.dat
2009-05-25 18:07 51,200 a------- c:\windows\inf\infpub.dat
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-05-01 00:30 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-05-01 00:30 81,920 a------- c:\windows\system32\nvwddi.dll
2009-05-01 00:30 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 8,055,584 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-27 01:55 47,104 a------- c:\windows\system32\drivers\l160x86.sys
2009-04-27 00:42 457,248 a------- c:\windows\system32\nvuninst.exe
2009-04-03 12:39 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-03-17 11:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 11:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 11:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 19:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 19:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 19:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 19:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 19:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 19:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 19:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 19:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 19:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 19:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 19:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 19:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 19:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 19:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 19:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 19:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 19:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 19:22 156,160 a------- c:\windows\system32\msls31.dll
2008-10-31 06:58 30 a------- c:\users\lauren\jagex_runescape_preferences.dat
2008-08-10 14:34 174 a--sh--- c:\program files\desktop.ini
2008-08-10 14:25 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-15 11:41 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-15 11:41 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-15 11:41 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 18:36:32.57 ===============

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:17 PM

Posted 04 June 2009 - 05:40 PM

Hey mikazumi,

The log looks clean. Just a few things though.

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Next

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Also

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Finally let's run a Kaspersky scan to check for remnants of baddies

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 Mikazumi

Mikazumi
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 05 June 2009 - 05:23 AM

Okay, I went through every step I could (I did not find any traces of Viewpoint on my computer, strangely). I'll just explain that after I downloaded the new Java, the power went out, I'm not sure if it's got to do with any errors I have at the moment...but every time I open firefox it opens a box titled 'Malformed File'. It says "Firefox could not install this item because "install.rdf" (provided by the item) is not well-formed or does not exist. Please contact the author about this problem". I've never come across this before but its just happened after that power out. Also, I cannot run the Kaspersky Online Scanner. It attempts to load the page, but then Firefox just closes with no warning. I did try to run this scanner in the past I know, but it never closed down on me (just my computer was too slow to even get to beginning the scan).

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:17 PM

Posted 05 June 2009 - 12:10 PM

Hi Mikazumi,

That's an odd reaction. Let's take another look at your PC.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop as gamers:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 Mikazumi

Mikazumi
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 05 June 2009 - 10:19 PM

Alright, I ran both of those and here are my results:

GMER:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-06 11:13:15
Windows 6.0.6001 Service Pack 1


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00080002
IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00080000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


OTViewIt:

OTViewIt logfile created on: 6/06/2009 11:14:27 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Lauren\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.67% Memory free
4.00 Gb Paging File | 2.78 Gb Available in Paging File | 69.56% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 215.17 Gb Free Space | 72.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 15:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 15:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2009/03/28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2008/01/19 15:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 17:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/19 15:33:39 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2008/01/19 15:33:23 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
[2009/02/06 06:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009/02/06 06:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/11/07 13:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/05/19 20:23:12 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/05/17 13:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
[2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[2007/09/07 10:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
[2009/05/19 20:23:14 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/05/19 20:23:14 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2008/05/27 13:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/02/06 06:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2009/02/06 06:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/01/19 15:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 15:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 15:33:39 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2008/01/19 15:33:23 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
[2008/01/19 15:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2007/09/07 10:16:50 | 00,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
[2007/09/07 10:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
[2008/01/19 15:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2007/04/11 00:01:32 | 04,431,872 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2007/04/10 13:46:48 | 00,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
[2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[2008/11/20 12:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2009/05/19 20:23:14 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/08/21 11:16:56 | 00,267,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
[2006/11/02 17:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2009/02/06 06:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/12/22 14:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
[2009/06/05 18:10:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2008/04/29 19:47:57 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/11/20 12:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
[2009/04/24 12:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe
[2008/01/19 15:33:12 | 00,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
[2008/05/27 13:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 13:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/06/06 11:14:10 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
File not found -- -- (AdobeActiveFileMonitor [Auto | Stopped])
[2008/11/07 13:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2009/02/06 06:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2009/02/06 06:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009/02/06 06:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2009/02/06 06:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2009/05/19 20:23:12 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/28 02:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/19 15:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/19 15:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/19 15:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 20:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/04/29 19:47:57 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2008/06/20 09:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
[2008/11/20 12:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/05/17 13:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
[2008/12/21 12:51:23 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2007/01/05 13:41:10 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008/06/20 09:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2009/02/17 08:42:00 | 02,741,114 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
[2009/03/28 00:03:00 | 00,207,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PhotoshopElementsDeviceConnect [Auto | Stopped])
[2008/01/19 15:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
[2008/01/19 15:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 17:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/09/07 10:16:18 | 01,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen [Auto | Running])
[2008/01/19 15:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/19 15:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (Viewpoint Manager Service [Disabled | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/19 15:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/27 13:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 17:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 17:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 17:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 17:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 17:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 17:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 17:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 17:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 16:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 16:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 17:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 17:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2009/02/06 06:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2009/02/06 06:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
[2009/02/06 06:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
[2009/02/06 06:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2009/02/06 06:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2009/04/27 01:55:42 | 00,047,104 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001 [On_Demand | Running])
[2009/05/19 20:23:18 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/05/19 20:23:15 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/05/19 20:23:23 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2008/01/19 13:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 16:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 16:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 16:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 16:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 16:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 16:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 16:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 16:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 15:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 17:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 17:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 16:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 13:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/02 09:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 15:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 15:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 17:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/19 13:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 15:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 13:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
[2006/11/02 17:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2008/10/25 11:37:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2006/11/02 15:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/19 12:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 16:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 16:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 17:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 17:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 17:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2007/04/11 03:05:38 | 01,764,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 16:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 15:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 17:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 17:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/19 13:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/01/19 13:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 17:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 17:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 17:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 13:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 17:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/19 13:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 17:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 13:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 17:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/27 09:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 13:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 17:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 17:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/19 15:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 15:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2006/10/18 21:44:48 | 00,007,680 | ---- | M] () -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/05/20 10:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006/11/02 17:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 13:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 15:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2009/03/28 00:03:00 | 07,738,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 17:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 17:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 17:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 17:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2001/04/10 04:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\Windows\System32\drivers\PenClass.sys -- (PenClass [Boot | Running])
[2008/04/05 09:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/11/02 17:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 17:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 13:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/19 13:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 14:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 13:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2009/04/09 20:39:18 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009/04/09 20:39:18 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2006/11/02 17:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 14:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 13:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 16:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 16:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 16:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 17:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 17:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 17:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 13:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/19 15:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/19 13:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 13:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 17:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 17:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 17:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/19 13:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/19 13:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/19 14:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/19 13:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 13:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 17:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 17:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 17:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 17:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 17:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 13:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/01/19 13:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2006/11/02 16:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 16:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 16:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 17:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 15:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 15:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 17:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2007/04/10 13:46:48 | 01,966,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000 [On_Demand | Running])
[2007/02/16 10:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
[2006/11/02 16:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2007/02/16 09:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid [On_Demand | Running])
[2007/02/15 15:11:28 | 00,011,440 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid [On_Demand | Running])
[2006/11/02 17:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 15:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 16:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/19 13:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [System | Running])
[2004/04/22 07:27:56 | 00,090,534 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com.au/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com.au/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2009/04/16 14:51:52 | 00,000,000 | ---D | M]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5C255C8A-E604-49b4-9D64-90988571CECB} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (HKLM) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" (HKLM) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2009/04/16 14:51:52 | 00,000,000 | ---D | M]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"Corel Painter Essentials 21a"=C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=112107 serial=PE02CBX-0000003-NMD lang=EN File not found
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
"LifeChat"="c:\Program Files\Microsoft LifeChat\LifeChat.exe" (Microsoft Corporation)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"Skytel"=Skytel.exe (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"VX3000"=C:\Windows\vVX3000.exe (Microsoft Corporation)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"WindowsLivePhone"=C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WindowsLivePhone"="C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"WindowsLivePhone"="C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/04/03 18:11:10 | 18,330,984 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/04/03 18:11:10 | 18,330,984 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blog This -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blog This in Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2009/02/06 18:07:54 | 00,187,248 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %AppData%\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU File not found

========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
Extension\.spop: -- C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_14
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_14
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_14
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}: https://secure.gopetslive.com/dev/GoPetsWeb.cab -- GoPetsWeb Control

========== (O17) DNS Name Servers ==========

{1EFA6559-B51D-4D8E-BBA7-4FCBB601626F} (Servers: | Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller)
{843FCF9C-CE05-4B97-A1C2-64163DAA0680} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2009/05/19 20:23:25 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 15:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 15:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/19 05:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e89332af-85bf-11dc-afd5-806e6f6e6963}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e89332af-85bf-11dc-afd5-806e6f6e6963}\Shell\AutoRun\command]
""=D:\Player.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/06 10:51:59 | 00,000,848 | ---- | C] () -- C:\Users\Lauren\Desktop\yjugsiuh.exe - Shortcut.lnk
[2009/06/05 16:06:02 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/06/05 16:06:01 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/06/05 16:06:00 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/06/05 16:05:48 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/06/05 16:05:44 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/06/05 16:05:44 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/06/05 16:05:08 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/06/05 16:05:08 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/06/05 16:05:08 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/06/05 16:05:01 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/30 12:14:26 | 00,001,523 | ---- | C] () -- C:\Users\Lauren\Desktop\i j j i.lnk
[2009/05/27 19:14:23 | 00,055,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/05/27 19:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/05/27 19:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/05/27 19:11:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/05/27 19:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/05/26 17:34:42 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/25 18:26:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/05/25 17:58:47 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/05/25 17:58:47 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/05/25 17:58:47 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/05/25 17:58:47 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/05/25 17:58:47 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/05/25 17:58:47 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/05/25 17:58:47 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/05/25 17:58:47 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/05/25 17:58:47 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/05/25 17:58:47 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/05/25 17:58:47 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/05/25 17:58:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/05/25 17:58:47 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/05/25 17:58:46 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/05/25 17:58:46 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/05/25 17:58:46 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/05/25 17:58:46 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/05/25 17:58:46 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/05/25 17:58:46 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/05/25 17:58:46 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/05/25 17:58:46 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/05/25 17:58:46 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/05/25 17:58:46 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/05/25 17:58:46 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/05/25 17:58:46 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/05/25 17:58:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/05/25 17:58:46 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/05/25 17:58:46 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/05/25 17:58:46 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/05/25 17:58:45 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/05/25 17:58:45 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/05/25 17:58:45 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/05/25 17:58:45 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/05/25 17:58:45 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/05/25 17:58:45 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/05/25 17:58:45 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/05/25 17:58:45 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/05/25 17:58:45 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/05/25 17:58:45 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/05/25 17:58:44 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/05/25 17:58:44 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/05/25 17:58:44 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/05/25 17:58:44 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/05/25 17:58:44 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/05/25 17:58:44 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/05/25 17:58:44 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/05/25 17:58:44 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/05/25 17:58:44 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/05/25 17:58:44 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/05/25 17:58:44 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/05/25 17:58:44 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/05/25 17:58:44 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/05/25 17:58:44 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/05/25 17:58:43 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/05/25 17:58:42 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/05/25 17:31:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2009/05/25 17:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/05/25 16:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/05/25 16:44:11 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Roaming\SystemRequirementsLab
[2009/05/25 16:08:49 | 00,001,078 | ---- | C] () -- C:\Users\Lauren\Documents\tra-la-laa@live.com Sharing Folders Archive.lnk
[2009/05/25 16:02:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/05/25 15:58:20 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\WLDM
[2009/05/25 15:56:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/05/25 15:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/05/25 15:53:47 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/05/25 15:51:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/05/25 15:51:34 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/05/25 15:47:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeChat
[2009/05/25 15:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/05/24 22:03:13 | 00,351,666 | ---- | C] () -- C:\Users\Lauren\Documents\My crappy lame msn =3.jpg
[2009/05/24 15:49:21 | 00,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2009/05/22 22:02:23 | 00,157,152 | ---- | C] (NHN Corporation) -- C:\Windows\System32\PubPlugin.dll
[2009/05/22 22:02:23 | 00,058,800 | ---- | C] (NHN USA Corp.) -- C:\Windows\System32\ijjiPlugin2.dll
[2009/05/22 22:02:22 | 00,710,064 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2009/05/22 22:02:22 | 00,066,992 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2009/05/22 22:02:22 | 00,000,000 | ---D | C] -- C:\Program Files\NHN USA
[2009/05/20 18:07:44 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/20 18:07:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/20 18:07:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/20 18:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/19 20:34:22 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/05/19 20:23:26 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/05/19 20:23:25 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/05/19 20:23:23 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/05/19 20:23:18 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/05/19 20:23:15 | 36,839,767 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/05/19 20:23:15 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/05/19 20:23:15 | 00,434,673 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/05/19 20:23:15 | 00,065,017 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/05/19 20:23:15 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/05/19 20:23:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/05/19 20:23:12 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/05/17 18:39:52 | 03,776,234 | ---- | C] () -- C:\Users\Lauren\Desktop\Yiruma - 04 River Flows In You.mp3
[2009/05/17 15:55:14 | 00,000,000 | ---D | C] -- C:\Users\Lauren\Documents\PassMark
[2009/05/17 15:55:04 | 00,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\PassMark
[2009/05/17 15:55:04 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:6DFF1A8A
[2009/05/09 11:49:16 | 04,401,026 | ---- | C] () -- C:\Users\Lauren\Desktop\201347_SC_s___Hyper_Bounce.___1st.mp3

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/06/06 10:51:59 | 00,000,848 | ---- | M] () -- C:\Users\Lauren\Desktop\yjugsiuh.exe - Shortcut.lnk
[2009/06/06 10:49:35 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/06 10:49:35 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/06 10:49:35 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/06 10:45:00 | 36,839,767 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/06 10:45:00 | 00,065,017 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/06 10:43:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/06 10:43:14 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/06 10:43:14 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/06 10:43:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/06 10:43:05 | 21,466,89024 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/05 18:04:06 | 02,667,805 | -H-- | M] () -- C:\Users\Lauren\AppData\Local\IconCache.db
[2009/06/05 17:42:34 | 00,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2009/06/05 17:42:34 | 00,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2009/06/05 16:06:02 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/06/05 16:05:40 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/05/30 12:14:26 | 00,001,523 | ---- | M] () -- C:\Users\Lauren\Desktop\i j j i.lnk
[2009/05/26 17:34:42 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/05/25 19:54:34 | 00,001,078 | ---- | M] () -- C:\Users\Lauren\Documents\tra-la-laa@live.com Sharing Folders Archive.lnk
[2009/05/25 18:26:26 | 00,100,720 | ---- | M] () -- C:\Users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/25 18:24:50 | 01,711,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/25 18:01:35 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/05/25 18:00:35 | 00,001,776 | ---- | M] () -- C:\Users\Lauren\Desktop\IMVU.lnk
[2009/05/25 15:52:20 | 00,000,760 | ---- | M] () -- C:\Users\Lauren\Documents\My Sharing Folders.lnk
[2009/05/24 22:03:14 | 00,351,666 | ---- | M] () -- C:\Users\Lauren\Documents\My crappy lame msn =3.jpg
[2009/05/20 18:07:44 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/19 20:23:26 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/05/19 20:23:25 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/05/19 20:23:23 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/05/19 20:23:18 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/05/19 20:23:15 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/05/19 20:23:15 | 00,434,673 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/05/19 20:23:15 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/05/17 18:41:54 | 03,776,234 | ---- | M] () -- C:\Users\Lauren\Desktop\Yiruma - 04 River Flows In You.mp3
[2009/05/13 17:53:04 | 00,001,356 | ---- | M] () -- C:\Users\Lauren\AppData\Local\d3d9caps.dat
[2009/05/12 20:48:28 | 00,710,064 | ---- | M] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2009/05/09 11:50:26 | 04,401,026 | ---- | M] () -- C:\Users\Lauren\Desktop\201347_SC_s___Hyper_Bounce.___1st.mp3
[2009/05/07 15:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >


OTViewIt Extras logfile created on: 6/06/2009 11:14:27 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Lauren\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.67% Memory free
4.00 Gb Paging File | 2.78 Gb Available in Paging File | 69.56% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 215.17 Gb Free Space | 72.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAUREN-PC
Current User Name: Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
"UacDisableNotify"=0
"InternetSettingsDisableNotify"=0
"AutoUpdateDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/12 15:19:38 | 00,178,040 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/05/19 20:23:15 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 18:52:44 | 00,062,304 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 18:53:40 | 00,791,392 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2008/10/25 09:27:54 | 00,044,408 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}"=Windows Live Messenger
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}"=Nero 7 Essentials
"{1C4551A6-4743-4093-91E4-1477CD655043}"=NVIDIA PhysX
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server
"{1DCC7418-2089-4BDD-B321-3771956160FC}"=ijji Auto Installer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}"=Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}"=Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3B4E636E-9D65-4D67-BA61-189800823F52}"=Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}"=Windows Live Photo Gallery
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{45338B07-A236-4270-9A77-EBB4115517B5}"=Windows Live Sign-in Assistant
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}"=Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}"=Junk Mail filter update
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}"=Microsoft Office Live Add-in 1.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}"=Microsoft LifeCam
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}"=Windows Live Mail
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}"=Windows Live Device Manager
"{66039B36-96AE-40D1-8A32-071F7A61B738}"=Microsoft LifeChat
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}"=Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6C11D561-620B-47DA-A693-4C597F3CDF40}"=EPSON Smart Panel
"{6E19F210-3813-4002-B561-94D66AA182B6}"=Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}"=Windows Live Movie Maker Beta
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}"=Windows Live Family Safety
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}"=Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}"=Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}"=Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}"=Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}"=Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}"=Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}"=Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}"=Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}"=Windows Live Sync
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}"=OGA Notifier 1.7.0105.35.0
"{B2EFE303-A594-11D5-95EB-005004BC1C65}"=EPSON PhotoQuicker3.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}"=Adobe Flash Player 9 ActiveX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}"=Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}"=Windows Live Essentials
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}"=LightScribe 1.4.124.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}"=Windows Live Call
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"avast!"=avast! Antivirus
"AVG8Uninstall"=AVG Free 8.5
"CCleaner"=CCleaner (remove only)
"Diner Dash + Together"=Diner Dash + Together
"ENTERPRISE"=Microsoft Office Enterprise 2007
"EPSON Printer and Utilities"=EPSON Printer Software
"EPSON Scanner"=EPSON Scan
"Gunbound Revolution_is1"=Gunbound Revolution
"Gunz"=ijji - Gunz
"HijackThis"=HijackThis 2.0.2
"LimeWire"=LimeWire 4.14.10
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)"=Mozilla Firefox (3.0.10)
"NVIDIA Drivers"=NVIDIA Drivers
"Pen Tablet Driver"=Pen Tablet
"PerformanceTest_is1"=PerformanceTest v6.1
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SystemRequirementsLab"=System Requirements Lab
"WinLiveSuite_Wave3"=Windows Live Essentials
"WinRAR archiver"=WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher"=ijji FireFox Launcher 1.0
"ijji.com"=ijji
"IMVU Avatar chat client software BETA"=IMVU Avatar Chat Software

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-380199184-249033340-789756250-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher"=ijji FireFox Launcher 1.0
"ijji.com"=ijji
"IMVU Avatar chat client software BETA"=IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/09/2008 10:47:07 AM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application LifeTray.exe, version 1.30.175.0, time stamp
0x4587138e, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe06d7363, fault offset 0x000442eb, process id 0x1580, application
start time 0x01c91b2fbbe6759c.

Error - 22/09/2008 5:01:10 AM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application LifeTray.exe, version 1.30.175.0, time stamp
0x4587138e, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe06d7363, fault offset 0x000442eb, process id 0x4e8, application
start time 0x01c91c91c13d9297.

Error - 25/09/2008 3:56:36 AM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application LifeTray.exe, version 1.30.175.0, time stamp
0x4587138e, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe06d7363, fault offset 0x000442eb, process id 0x1758, application
start time 0x01c91ee43b9f41a4.

Error - 25/09/2008 8:58:39 AM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application LifeTray.exe, version 1.30.175.0, time stamp
0x4587138e, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe06d7363, fault offset 0x000442eb, process id 0x12dc, application
start time 0x01c91f0e6db5baaf.

Error - 26/09/2008 4:41:57 AM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application xfire.exe, version 1.0.0.13133, time stamp 0x4863f5c8,
faulting module npggNT.des, version 2008.6.10.1, time stamp 0x4861ada2, exception
code 0xc0000005, fault offset 0x00007c74, process id 0x2f0, application start time
0x01c91faa93bb3f0c.

Error - 27/09/2008 8:06:13 AM | Computer Name = Lauren-PC | Source = Application Hang | ID = 1002
Description = The program SoftwareUpdate.exe version 2.1.1.116 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1200 Start Time: 01c920921b3e05e0 Termination Time: 2188

Error - 29/09/2008 1:02:13 PM | Computer Name = Lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application LifeTray.exe, version 1.30.175.0, time stamp
0x4587138e, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d,
exception code 0xe06d7363, fault offset 0x000442eb, process id 0x134, application
start time 0x01c922551b654abf.

Error - 30/09/2008 3:16:14 AM | Computer Name = Lauren-PC | Source = VSS | ID = 8194
Description =

Error - 4/10/2008 6:12:18 AM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/10/2008 6:13:59 AM | Computer Name = Lauren-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 5/06/2009 6:13:08 AM | Computer Name = Lauren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/06/2009 6:14:26 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/06/2009 6:14:26 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/06/2009 6:14:26 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/06/2009 6:14:26 AM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 5/06/2009 10:43:16 PM | Computer Name = Lauren-PC | Source = HTTP | ID = 15016
Description =

Error - 5/06/2009 10:44:53 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/06/2009 10:44:53 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/06/2009 10:44:53 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/06/2009 10:44:53 PM | Computer Name = Lauren-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Thanks!

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:17 PM

Posted 06 June 2009 - 05:30 AM

Still looks okay. :thumbup2:

Let's do a bit of clearing up.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

Then close Firefox and then reopen it.


Then please run an online scan

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks :)
Posted Image
m0le is a proud member of UNITE

#9 Mikazumi

Mikazumi
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 07 June 2009 - 06:48 PM

Hey, sorry about the delay, it's just I have exams ^^; and I've been studying and using this computer to do so with. I will try and do the scan ASAP, I'm just letting you know I'm still here!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:17 PM

Posted 07 June 2009 - 06:52 PM

No problem, thanks for letting me know.

Good luck with the exams and I'll wait to hear from you. I will bump the topic in 5 days just to check you're still here. :thumbup2:
Posted Image
m0le is a proud member of UNITE

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:17 PM

Posted 13 June 2009 - 04:38 AM

Hi Mizakumi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#12 Mikazumi

Mikazumi
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 14 June 2009 - 05:32 AM

Hey, I'm still here. All my exams are done, and I'll be running the scan as soon as I can.

EDIT: I tried to run the scanner 3 times, and it would not go past the update progress (even when it said it was 100% updated and I left it like that for over an hour) :/

Edited by Mikazumi, 15 June 2009 - 04:45 AM.


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:17 PM

Posted 19 June 2009 - 04:47 PM

Hi Mikazumi,

This topic has been open for some time and I need you to start running the fix.

As this has taken so long to start, please post a fresh DDS log.

If you haven't done this in 24 hours I will close the topic as inactive.
Posted Image
m0le is a proud member of UNITE

#14 Mikazumi

Mikazumi
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 19 June 2009 - 10:23 PM

Okay, I'm still here and here's a fresh DDS log and the Attach as well:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Lauren at 11:17:48.28 on Sat 20/06/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2047.1005 [GMT 8:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\vVX3000.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lauren\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Corel Painter Essentials 21a] c:\program files\corel\corel painter essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=112107 serial=PE02CBX-0000003-NMD lang=EN
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\lauren\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\fwycjbaw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-5 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-19 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-19 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-5 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-5 51792]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-19 298776]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-12-1 1373480]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-4-27 47104]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe --> c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-5-27 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-06-16 18:47 <DIR> --d----- c:\users\lauren\appdata\roaming\Sibelius Software
2009-06-15 22:04 <DIR> --d----- c:\program files\Sibelius Software
2009-06-15 22:03 462 a------- c:\windows\{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}_WiseFW.ini
2009-06-14 04:45 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 04:45 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 04:45 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 04:45 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 04:45 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-10 10:17 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-05 16:05 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-05-27 19:14 55,280 a------- c:\windows\system32\drivers\fssfltr.sys
2009-05-27 19:12 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-05-27 19:11 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-25 18:26 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-05-25 17:31 <DIR> --d----- c:\windows\system32\AGEIA
2009-05-25 16:44 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-05-25 15:56 <DIR> --d----- c:\users\lauren\Tracing
2009-05-25 15:55 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-05-25 15:53 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-05-25 15:51 <DIR> --d----- c:\program files\Microsoft
2009-05-25 15:37 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-24 15:49 <DIR> --d----- c:\program files\PerformanceTest
2009-05-22 22:02 157,152 a------- c:\windows\system32\PubPlugin.dll
2009-05-22 22:02 58,800 a------- c:\windows\system32\ijjiPlugin2.dll
2009-05-22 22:02 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-05-22 22:02 66,992 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-22 22:02 <DIR> --d----- c:\program files\NHN USA

==================== Find3M ====================

2009-06-12 13:51 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 18:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-25 18:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-25 18:07 86,016 a------- c:\windows\inf\infstor.dat
2009-05-25 18:07 51,200 a------- c:\windows\inf\infpub.dat
2009-05-19 20:23 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-19 20:23 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-09 13:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 13:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-05-01 00:30 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-05-01 00:30 81,920 a------- c:\windows\system32\nvwddi.dll
2009-05-01 00:30 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 8,055,584 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-27 01:55 47,104 a------- c:\windows\system32\drivers\l160x86.sys
2009-04-27 00:42 457,248 a------- c:\windows\system32\nvuninst.exe
2009-04-23 20:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 19:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-03 12:39 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-31 06:58 30 a------- c:\users\lauren\jagex_runescape_preferences.dat
2008-08-10 14:34 174 a--sh--- c:\program files\desktop.ini
2008-08-10 14:25 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-06-15 11:41 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-06-15 11:41 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-06-15 11:41 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 11:19:14.58 ===============


I know there's some program on my computer that causes certain websites to crash my browser >< Something like Java, I don't know. But I noticed as well as Kaspersky online scanner crashing, I tested Runescape and that also crashed the browser, on both Firefox and IE. Weird o.O

Attached Files



#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:17 PM

Posted 20 June 2009 - 04:54 AM

Hi Mikazumi,

Please run the BitDefender online scan

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users