trying to solve sudden slowness of PC



#1 dodgechargerfan


Posted 08 September 2009 - 03:18 PM

Directed here from the AII section: http://www.bleepingcomputer.com/forums/ind...p;#entry1398790

I've been chasing a problem with sudden slowness on my Vista PC.
Things all started with BSODs and I was suspecting that it was a problem with my virus scanner - F-Secure - because things always seemed to crash on .sys files with filenames way down in the alphabet. vmci.sys and volmgr.sys.
I ran a memtest and ended up taking out 2 GB RAM, leaving me with 4 GB RAM.

Since then, I get periods of "Not responding" with Firefox and Winmail.
In hopes to work around this, I have uninstalled Firefox and all of the add-ins that I had and re-installed Firefox.
I also moved over to Thunderbird from Winmail.
Not much really changed.
I cleaned up the system - defrag, scandisk, etc. and used iolo's System Mechanic 9 as well.
Things got a little better, but still not quite right.
I should say that I used to run with just 2 GB of RAM just fine. So, although it might be easy to say, "less RAM equals slower computer," I don't think it should be as bad as it is.

Here is my log from dds.scr:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Dave at 15:10:20.74 on 08/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.2.1033.18.2021.772 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COGECO Security Services 7.03 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\COGECO Security Services\Common\FSM32.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Windows\system32\igfxsrvc.exe
D:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\COGECO Security Services\Common\FSMB32.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\Program Files\COGECO Security Services\Common\FCH32.EXE
C:\Program Files\Intel\AMT\LMS.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
D:\Nortel\ESM6000\ESMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
D:\Nortel\ESM6000\jre\bin\rmiregistry.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsqh.exe
C:\Program Files\COGECO Security Services\Common\FAMEH32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\COGECO Security Services\FSPC\fspc.exe
C:\Windows\ehome\ehmsas.exe
D:\Nortel\ESM6000\ESMService.exe
D:\Nortel\ESM6000\jre\bin\java.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\COGECO Security Services\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\UI0Detect.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsaua.exe
C:\Program Files\COGECO Security Services\ORSP Client\fsorsp.exe
C:\Program Files\COGECO Security Services\FWES\Program\fsdfwd.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\COGECO Security Services\FSAUA\program\fsus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\IrfanView\i_view32.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Dave\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.moparnuts.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
mURLSearchHooks: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7418E5F5-0E48-4144-8F92-5CA791C82396} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DE713078-8012-4B75-92BA-398D4642A64B} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
TB: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [cdloader] "c:\users\dave\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: []
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [IntelAudioStudio] "c:\program files\intel audio studio 2.7\IntelAudioStudio.exe" TRAY
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [F-Secure TNB] "c:\program files\cogeco security services\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [F-Secure Manager] "c:\program files\cogeco security services\common\FSM32.EXE" /splash
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CMCService] "c:\program files\ati\catalyst media center\CMCService.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [VMware hqtray] "d:\program files\vmware\vmware player\hqtray.exe"
mRun: [FlyMonitor] "c:\program files\leapfrog\flyworld\bin\FlyMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe
mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\passwo~1.lnk - c:\program files\password safe\pwsafe.exe
StartupFolder: c:\users\dave\appdata\roaming\microsoft\windows\start menu\programs\startup\setup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\cogeco security services\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\cogeco security services\fspc\fspcmsie.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {A573D71B-951B-4BAD-B8CC-708AE84769C9} - {32CA105A-BD6C-4AFC-B4D9-346262E9F483}
LSP: c:\program files\cogeco security services\fsps\program\FSLSP.DLL
LSP: d:\program files\vmware\vmware player\vsocklib.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://63.97.125.197/activex/AxisCamControl.cab
DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - hxxp://www.cogeco.com/en/OLS3/fscax.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\e25753gb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT809980&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - moparnuts Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.moparnuts.com/|http://www.dodgecharger.com/forum/index.php|http://www.niagaramopars.com/|http://www.street-legends.com/|http://www.fivebrothersdesign.com/|http://www.usbcar.com/index.html|http://www.dusterdartsportregistry.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT809980&SearchSource=2&q=
FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\e25753gb.default\extensions\{1b7f9eb0-f7b4-46ce-bc02-794390eeebd8}\components\FFExternalAlert.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dave\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-7-7 33920]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-14 130936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-3-28 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-3-28 971552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-10-11 12800]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\cogeco security services\hips\drivers\fshs.sys [2009-7-7 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-2-25 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-2-25 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\cogeco security services\anti-virus\minifilter\fsvista.sys [2009-2-25 12384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2009-1-28 13904]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\cogeco security services\anti-virus\minifilter\fsgk.sys [2009-2-25 100984]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-3-2 128008]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-5-13 19456]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2005-4-24 49024]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-1-5 16896]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\cogeco security services\anti-virus\win2k\fsfilter.sys [2009-2-25 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\cogeco security services\anti-virus\win2k\fsrec.sys [2009-2-25 25184]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-08 11:14 --d----- c:\users\dave\appdata\roaming\mjusbsp
2009-09-04 06:01 0 a------- C:\infect.fstmp
2009-09-04 06:01 0 a------- C:\error.fstmp
2009-09-03 21:44 --d----- c:\program files\JRE
2009-09-03 09:04 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-03 09:04 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 11:23 93,096 a------- c:\windows\system32\IncContxMenu.dll
2009-08-28 14:37 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 23:28 --d----- c:\users\dave\DoctorWeb
2009-08-25 14:27 --d----- c:\program files\Sophos
2009-08-25 09:28 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-25 09:28 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-25 09:28 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-25 09:28 270,848 a------- c:\windows\system32\schannel.dll
2009-08-25 09:27 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-25 09:27 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-25 09:27 72,704 a------- c:\windows\system32\secur32.dll
2009-08-25 09:27 9,728 a------- c:\windows\system32\lsass.exe
2009-08-13 22:17 71,680 a------- c:\windows\system32\atl.dll
2009-08-13 22:16 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-13 22:16 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-13 22:16 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-13 22:15 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-13 22:15 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-13 22:15 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-13 22:15 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-13 22:15 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-13 22:15 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-13 22:15 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-13 08:55 --d----- c:\program files\Conduit
2009-08-12 14:25 --d----- c:\users\dave\appdata\roaming\Nuance
2009-08-12 14:25 --d----- c:\users\dave\appdata\roaming\FLEXnet
2009-08-11 19:31 --d----- c:\users\dave\appdata\roaming\Zeon
2009-08-11 19:30 --d----- c:\programdata\Nuance
2009-08-11 19:30 --d----- c:\progra~2\Nuance
2009-08-11 19:29 --d----- c:\programdata\zeon
2009-08-11 19:29 --d----- c:\progra~2\zeon
2009-08-11 19:28 --d----- c:\program files\Nuance
2009-08-11 13:41 --d----- C:\d673f2203beae94b841fd19b03dc45
2009-08-10 08:09 --d----- C:\symbols
2009-08-10 08:00 --d----- c:\program files\Debugging Tools for Windows (x86)

==================== Find3M ====================

2009-09-03 21:25 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 11:30 2,116,008 a------- c:\windows\system32\Incinerator.dll
2009-08-26 15:42 30,208 a------- c:\windows\system32\iolobtdfg.exe
2009-08-26 15:42 12,288 a------- c:\windows\system32\smrgdf.exe
2009-08-21 19:52 87,608 a------- c:\users\dave\appdata\roaming\inst.exe
2009-08-21 19:52 94,208 a------- c:\users\dave\appdata\roaming\ezplay.sys
2009-08-01 14:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-01 14:19 143,360 a------- c:\windows\inf\infstor.dat
2009-08-01 14:19 86,016 a------- c:\windows\inf\infpub.dat
2009-08-01 14:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 08:35 342 a------- C:\logfile.dat
2009-07-07 13:02 22,983 a------- c:\users\dave\x.exe
2009-06-15 10:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 10:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 10:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 10:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-09 21:16 74 a------- c:\users\dave\appdata\roaming\ftpfile.dat
2008-09-24 08:39 174 a--sh--- c:\program files\desktop.ini
2007-03-06 19:59 13 ----h--- c:\programdata\ě3113.sys
2007-03-06 19:59 13 ----h--- c:\progra~2\ě3113.sys
2007-02-28 19:27 87,608 a------- c:\users\dave\appdata\roaming\ezpinst.exe
2007-02-26 13:25 47,360 a------- c:\users\dave\appdata\roaming\pcouffin.sys
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2002-07-31 19:55 416 ---sh--- c:\windows\WSYS049.SYS

============= FINISH: 15:16:56.95 ===============

#2 pwgib

  • Malware Response Team

Posted 23 September 2009 - 06:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 dodgechargerfan

  • Topic Starter

Posted 23 September 2009 - 07:45 PM

Thank you. I understand you are all quite busy and I appreciate the assistance.

I'm still having the problem with slowness and applications not responding and one other issue has come up since.
I tried to use CTRL-ALT-DELETE to get the task manager started and my PC stalled for a very long time, then the screen went black. When it came back, I had an error message - "Logon process has failed to create the security options dialog. Failure - Security options"
I have disabled Windows Defender and stopped the Vista Sidebar from loading at startup. That helped somewhat, but PC startup is still intolerably slow.

Here is the output from DDS run just a few minutes ago. I've attached the attach file in zip format as well.

Thanks again.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Dave at 20:28:00.38 on 23/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.2.1033.18.2021.897 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COGECO Security Services 7.03 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fsgk32st.exe
C:\Program Files\COGECO Security Services\Common\FSMA32.EXE
C:\Program Files\COGECO Security Services\Anti-Virus\FSGK32.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
D:\Nortel\ESM6000\ESMService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Nortel\ESM6000\jre\bin\rmiregistry.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\Nortel\ESM6000\ESMService.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
D:\Nortel\ESM6000\jre\bin\java.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\COGECO Security Services\Anti-Virus\fssm32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe
C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\USB TV\EM28XX\BDARemote.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Dave\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\COGECO Security Services\Common\FSLAUNCH.EXE
C:\Users\Dave\Desktop\dds.scr
C:\Program Files\Nuance\PDF Professional 6\NuanceWDS.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.moparnuts.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
mURLSearchHooks: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7418E5F5-0E48-4144-8F92-5CA791C82396} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DE713078-8012-4B75-92BA-398D4642A64B} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
TB: moparnuts Toolbar: {1b7f9eb0-f7b4-46ce-bc02-794390eeebd8} - c:\program files\moparnuts\tbmopa.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [cdloader] "c:\users\dave\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [<NO NAME>]
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [IntelAudioStudio] "c:\program files\intel audio studio 2.7\IntelAudioStudio.exe" TRAY
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [F-Secure TNB] "c:\program files\cogeco security services\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [F-Secure Manager] "c:\program files\cogeco security services\common\FSM32.EXE" /splash
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [CMCService] "c:\program files\ati\catalyst media center\CMCService.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [VMware hqtray] "d:\program files\vmware\vmware player\hqtray.exe"
mRun: [FlyMonitor] "c:\program files\leapfrog\flyworld\bin\FlyMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe
mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\passwo~1.lnk - c:\program files\password safe\pwsafe.exe
StartupFolder: c:\users\dave\appdata\roaming\microsoft\windows\start menu\programs\startup\setup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\cogeco security services\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\cogeco security services\fspc\fspcmsie.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {A573D71B-951B-4BAD-B8CC-708AE84769C9} - {32CA105A-BD6C-4AFC-B4D9-346262E9F483}
LSP: c:\program files\cogeco security services\fsps\program\FSLSP.DLL
LSP: d:\program files\vmware\vmware player\vsocklib.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://63.97.125.197/activex/AxisCamControl.cab
DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} - hxxp://www.cogeco.com/en/OLS3/fscax.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\e25753gb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT809980&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - moparnuts Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.moparnuts.com/|http://www.dodgecharger.com/forum/index.php|http://www.niagaramopars.com/|http://www.street-legends.com/|http://www.fivebrothersdesign.com/|http://www.usbcar.com/index.html|http://www.dusterdartsportregistry.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT809980&SearchSource=2&q=
FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\e25753gb.default\extensions\{1b7f9eb0-f7b4-46ce-bc02-794390eeebd8}\components\FFExternalAlert.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dave\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\e25753gb.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-7-7 33920]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-14 130936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-3-28 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-3-28 971552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-10-11 12800]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\cogeco security services\hips\drivers\fshs.sys [2009-7-7 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2009-2-25 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-2-25 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\cogeco security services\anti-virus\minifilter\fsvista.sys [2009-2-25 12384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 ESMScheduler;ESM Scheduler;d:\nortel\esm6000\ESMService.exe [2007-8-30 49152]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-5 615344]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-9-5 615344]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2009-1-28 13904]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-6-30 134944]
R2 RMIRegistry;RMIRegistry;d:\nortel\esm6000\ESMService.exe [2007-8-30 49152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\cogeco security services\anti-virus\minifilter\fsgk.sys [2009-2-25 99960]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-3-2 128008]
S2 gupdate1ca04a389749620;Google Update Service (gupdate1ca04a389749620);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]
S3 ACBO;ACBO; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-5-13 19456]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\cogeco security services\orsp client\fsorsp.exe [2009-7-7 55904]
S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2003-11-11 22891]
S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2005-4-24 49024]
S3 RHRZMH;RHRZMH; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-14 348752]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-1-5 16896]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\cogeco security services\anti-virus\win2k\fsfilter.sys [2009-2-25 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\cogeco security services\anti-virus\win2k\fsrec.sys [2009-2-25 25184]
S4 XATOEQYO;XATOEQYO; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-17 15:43 13 a------- c:\windows\system32\WinSys32.crc
2009-09-14 13:51 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-14 13:51 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-14 13:51 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-14 13:51 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-14 13:51 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-14 13:51 10,240 a------- c:\windows\system32\finger.exe
2009-09-14 13:51 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-14 13:51 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-14 13:51 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-14 13:51 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-14 13:51 17,920 a------- c:\windows\system32\netevent.dll
2009-09-14 13:49 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-14 13:49 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-14 13:49 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-14 13:49 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-14 13:49 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-14 13:49 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-14 13:43 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-12 20:32 <DIR> --d----- c:\program files\A-PDF Restrictions Remover
2009-09-12 14:15 <DIR> --d----- c:\programdata\MumboJumbo
2009-09-12 14:15 <DIR> --d----- c:\progra~2\MumboJumbo
2009-09-11 15:56 <DIR> --d----- c:\program files\TweetDeck
2009-09-10 14:38 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-10 14:38 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-10 14:36 <DIR> --d----- c:\program files\iPod
2009-09-10 14:36 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-10 14:36 <DIR> --d----- c:\program files\iTunes
2009-09-10 14:36 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 11:14 <DIR> --d----- c:\users\dave\appdata\roaming\mjusbsp
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-04 06:01 13,274 a------- C:\error.fstmp
2009-09-04 06:01 571 a------- C:\infect.fstmp
2009-09-03 21:44 <DIR> --d----- c:\program files\JRE
2009-09-03 09:04 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-03 09:04 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 11:23 93,096 a------- c:\windows\system32\IncContxMenu.dll
2009-08-28 14:37 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 23:28 <DIR> --d----- c:\users\dave\DoctorWeb
2009-08-25 14:27 <DIR> --d----- c:\program files\Sophos
2009-08-25 09:28 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-25 09:28 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-25 09:28 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-25 09:28 270,848 a------- c:\windows\system32\schannel.dll
2009-08-25 09:27 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-25 09:27 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-25 09:27 72,704 a------- c:\windows\system32\secur32.dll
2009-08-25 09:27 9,728 a------- c:\windows\system32\lsass.exe

==================== Find3M ====================

2009-09-17 16:52 77 a------- c:\users\dave\appdata\roaming\ftpfile.dat
2009-09-10 14:28 143,360 a------- c:\windows\inf\infstor.dat
2009-09-10 14:28 86,016 a------- c:\windows\inf\infpub.dat
2009-09-10 14:28 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-03 21:25 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-28 22:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 22:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 22:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 22:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 11:30 2,116,008 a------- c:\windows\system32\Incinerator.dll
2009-08-26 15:42 30,208 a------- c:\windows\system32\iolobtdfg.exe
2009-08-26 15:42 12,288 a------- c:\windows\system32\smrgdf.exe
2009-08-21 19:52 87,608 a------- c:\users\dave\appdata\roaming\inst.exe
2009-08-21 19:52 94,208 a------- c:\users\dave\appdata\roaming\ezplay.sys
2009-08-01 14:08 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 08:35 342 a------- C:\logfile.dat
2009-07-17 09:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 08:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 08:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 08:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 08:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-07 13:02 22,983 a------- c:\users\dave\x.exe
2008-09-24 08:39 174 a--sh--- c:\program files\desktop.ini
2007-03-06 19:59 13 ----h--- c:\programdata\ě3113.sys
2007-03-06 19:59 13 ----h--- c:\progra~2\ě3113.sys
2007-02-28 19:27 87,608 a------- c:\users\dave\appdata\roaming\ezpinst.exe
2007-02-26 13:25 47,360 a------- c:\users\dave\appdata\roaming\pcouffin.sys
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2002-07-31 19:55 520 ---sh--- c:\windows\WSYS049.SYS

============= FINISH: 20:31:46.67 ===============



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 28 September 2009 - 08:00 PM

Hi dodgechargerfan,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#5 dodgechargerfan

dodgechargerfan
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 28 September 2009 - 08:36 PM

*raises hand*
I'm here! :(

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:23 PM

Posted 29 September 2009 - 03:59 PM

Hey,

This doesn't look like a malware log to me, dodgechargerfan.

I will certainly set you some scans to double check if you want but I would head straight over to the Vista forum with the results of this scan.

Please download SINO by Artellos from here
  • Save SINO to a place you can remember and run SINO.exe.
  • Then please check the following checkboxes:
    System Info
    Services
    Boot Check
    Tasklist
    Startup Items
    Ipconfig
    Ping
    Netstat
    Hosts file
    Shares
    Routing Table
  • Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  • A notepad file will pop up. Please copy and paste the content of the notepad into your next reply.
Note: If you try to interact with the program once it's started scanning it might appear to hang. The scan however will continue.

I will leave it up to you if you want to continue with me first though. Let me know. :(

#7 dodgechargerfan

dodgechargerfan
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 29 September 2009 - 04:15 PM

Thanks. I was directed here from the AAI section, but I understand this one is odd.

I've never had anything come up in scans, but the problem persists.

I've even had the BSOD on the same file as before (vmci.sys) and I've got the other pair of memory sticks in there. I switched them before this thread started, but the error just happened again two days ago.

As for SINO, it won't even run. I just get an error dialog referring me to the log file, which is:
Traceback (most recent call last):
  File "SINO.py", line 902, in <module>
  File "SINO.py", line 781, in SINO
  File "Tkinter.pyc", line 1515, in wm_iconbitmap
_tkinter.TclError: bitmap "SINO.ico" not defined


Anyway, my next thought is to disable the scheduled scans that my F-Secure is doing as that seems to be the cause of the BSOD - running out of memory at around the v*.* files in windows.system...
I don't see how that will change the "Not Responding" issue, but it's a start.

I'm also going to start uninstalling programs and see if that helps. Specifically, I want to clear out anything that added a CODEC and try to start fresh. CODECs have always been a problem but not really affecting the performance of the PC - just not being able to open certain files. I understand why, but I'm wondering if all my attempts to get things sorted out have just messed things up. That rundll32 error always comes up when dealing with media: video AND pictures, though.

Sorry. I'm rambling. Thanks for checking the logs for me. I'll keep digging, but go ahead and close this one off.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 29 September 2009 - 04:29 PM

Okay, will do. PM me if you want to come back on this one.

--------------------------------------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



