
Unknown issue


  • This topic is locked
6 replies to this topic

#1 Halloweenscorpio

Posted 25 October 2009 - 10:57 AM

Thank you so much for this forum.


DDS (Ver_09-10-24.04) - NTFSx86
Run by user at 10:49:28.20 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1604 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4090115
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL,avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2009-10-24 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-24 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-10-24 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-24 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-24 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-24 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-24 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-10-24 2321208]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-10-24 5832712]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-25 309008]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-1-14 27648]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-10-24 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-10-24 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2009-10-24 27800]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-14 30192]

=============== Created Last 30 ================

2009-10-25 14:47:45 0 d-----w- c:\programdata\IObit
2009-10-25 14:19:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-24 23:51:41 0 d-----w- c:\users\user\appdata\roaming\BitTorrent
2009-10-24 23:51:33 0 d-----w- c:\program files\BitTorrent
2009-10-24 17:43:17 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-24 17:21:55 0 d--h--w- C:\$AVG
2009-10-24 17:21:54 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-24 17:21:53 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-10-24 17:21:52 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-10-24 17:21:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 17:21:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 17:21:24 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-24 17:20:16 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-10-24 17:20:16 0 d-----w- c:\program files\AVG
2009-10-24 17:20:08 0 d-----w- c:\programdata\avg9
2009-10-24 16:46:21 0 d-----w- c:\programdata\NVIDIA
2009-10-24 16:43:58 0 d-----w- c:\windows\system32\AGEIA
2009-10-24 16:43:14 797216 ----a-w- c:\windows\system32\nvcplui.exe
2009-10-24 16:43:14 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2009-10-24 16:43:14 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2009-10-24 16:42:08 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-24 16:42:07 9085 ----a-w- c:\windows\system32\nvdisp.nvu
2009-10-24 16:41:13 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-24 11:16:39 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-24 11:13:43 0 d-----w- c:\programdata\Microsoft Help
2009-10-24 10:59:00 0 d-----w- c:\users\user\appdata\roaming\GetRightToGo
2009-10-24 03:38:57 0 d-----w- c:\users\user\appdata\roaming\HpUpdate
2009-10-24 03:38:55 0 d-----w- c:\windows\Hewlett-Packard
2009-10-23 21:32:45 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-23 21:32:45 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-23 11:32:57 0 d-----w- c:\windows\system32\eu-ES
2009-10-23 11:32:57 0 d-----w- c:\windows\system32\ca-ES
2009-10-23 11:32:56 0 d-----w- c:\windows\system32\vi-VN
2009-10-23 09:57:22 0 d-----w- c:\windows\system32\EventProviders
2009-10-23 03:51:31 0 d-----w- c:\program files\ESET
2009-10-23 03:37:59 41344 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-10-23 03:36:47 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-23 03:36:47 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-23 03:36:47 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-23 03:36:47 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-23 03:36:47 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-23 03:36:47 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-23 03:36:47 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-23 03:36:45 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-23 03:36:41 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-23 03:36:41 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-23 03:36:30 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-23 03:26:05 0 d-----w- c:\programdata\Yahoo! Companion
2009-10-23 03:25:40 0 d-----w- c:\program files\Yahoo!
2009-10-23 03:25:34 0 d-----w- c:\users\user\appdata\roaming\IObit
2009-10-23 03:25:34 0 d-----w- c:\program files\IObit
2009-10-22 23:33:19 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-22 23:01:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-10-22 23:01:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-10-22 23:00:16 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-10-22 23:00:06 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-10-22 23:00:06 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-10-22 23:00:06 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-10-22 23:00:06 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-10-22 22:59:25 0 d-----w- c:\programdata\Logitech
2009-10-22 22:58:17 0 d-----w- c:\programdata\LogiShrd
2009-10-22 22:50:12 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys
2009-10-22 22:49:36 0 d-----w- c:\program files\common files\TI Shared
2009-10-22 22:49:35 0 d-----w- c:\program files\TI Education
2009-10-22 22:48:02 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-22 16:01:50 0 d-----w- c:\programdata\WEBREG
2009-10-22 15:47:55 0 d-----w- c:\programdata\HPSSUPPLY
2009-10-22 15:46:55 0 d-----w- c:\programdata\HP Product Assistant
2009-10-22 15:46:27 0 d-----w- c:\program files\common files\HP
2009-10-22 15:44:41 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2009-10-22 15:44:41 309760 ----a-w- c:\windows\system32\difxapi.dll
2009-10-22 15:44:10 0 d-----w- c:\program files\HP
2009-10-22 15:43:28 144009 ----a-w- c:\windows\hpoins16.dat
2009-10-22 15:42:26 0 d-----w- c:\programdata\Hewlett-Packard
2009-10-22 15:42:19 0 d-----w- c:\programdata\HP
2009-10-22 15:41:54 267864 ----a-w- c:\windows\system32\hpzids01.dll
2009-10-22 15:41:51 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2009-10-22 13:38:39 0 d-----w- c:\program files\Sims3 Auto Cheater
2009-10-22 13:33:34 0 d-----w- c:\users\user\appdata\roaming\WeatherBug
2009-10-22 13:33:34 0 d-----w- c:\program files\AWS
2009-10-21 11:18:02 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-21 10:25:06 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-21 04:09:32 0 d-----w- c:\temp\Windows Automated Installation Kit for Windows 7 and Windows Server 2008 R2 (x86, x64, ia64) - DVD (English)
2009-10-21 03:03:54 0 d-----w- C:\Temp
2009-10-21 02:49:45 0 d-----w- c:\program files\Mad Scientist Productions
2009-10-21 02:43:44 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-10-21 02:43:42 0 d-----w- c:\program files\Microsoft WSE
2009-10-21 02:08:05 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-21 02:08:02 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-10-21 02:08:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-21 02:07:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-21 02:07:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-21 02:07:59 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-21 02:07:57 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-21 02:07:57 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-21 02:07:57 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-21 02:07:57 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-21 02:07:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-21 02:05:14 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-21 02:05:14 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-21 02:05:11 2501921 ----a-w- c:\windows\system32\wlan.tmf
2009-10-21 02:05:08 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-10-21 02:05:08 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-21 02:05:07 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-10-21 02:05:07 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-21 02:05:07 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-21 02:05:05 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-10-21 02:05:02 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-10-21 02:02:32 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-21 02:02:29 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-10-21 02:01:25 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-21 02:01:21 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-21 02:01:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-21 02:01:19 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-21 02:01:19 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-21 02:01:16 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-10-21 02:01:16 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-21 02:01:03 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-21 02:01:00 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-21 02:00:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-21 02:00:46 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-21 02:00:40 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-21 02:00:36 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-21 02:00:30 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-21 01:26:10 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 01:25:57 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 01:25:52 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-21 01:25:52 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-20 20:24:27 489216 ----a-w- c:\windows\system32\drivers\MRVW245.sys
2009-10-20 20:23:36 0 d-----w- c:\program files\Linksys
2009-10-20 19:54:33 0 d-----w- c:\programdata\Electronic Arts
2009-10-20 19:47:58 0 d-----w- c:\users\user\Tracing
2009-10-20 19:46:45 0 d-----w- c:\program files\Microsoft
2009-10-20 19:46:27 0 d-----w- c:\program files\Windows Live SkyDrive
2009-10-20 19:45:59 0 d-----w- c:\windows\PCHEALTH
2009-10-20 19:39:46 0 ----a-w- c:\users\user\appdata\roaming\wklnhst.dat
2009-10-20 19:31:51 0 d-----w- c:\program files\common files\Windows Live
2009-10-19 18:32:11 0 d-----w- c:\users\user\appdata\roaming\Dell
2009-10-19 18:28:34 0 d-sh--we c:\programdata\Documents
2009-10-19 18:28:34 0 d-sh--we C:\Documents and Settings

==================== Find3M ====================

2009-10-24 17:21:00 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-24 17:21:00 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-24 17:20:59 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-23 11:32:46 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-23 10:31:20 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-02 07:09:24 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-15 04:06:31 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:49:55.93 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-24.04)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/14/2009 3:28:31 PM
System Uptime: 10/25/2009 10:09:37 AM (0 hours ago)

Motherboard: Dell Inc. | | 0K068D
Processor: Intel® Pentium® Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 283 GiB total, 189.333 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.393 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP46: 10/22/2009 12:01:17 AM - Windows Update
RP47: 10/22/2009 7:55:29 AM - Windows Update
RP48: 10/22/2009 9:33:15 AM - Installed WeatherBug
RP49: 10/22/2009 11:41:56 AM - Device Driver Package Install: Hewlett-Packard Printers
RP50: 10/22/2009 11:44:27 AM - Device Driver Package Install: Hewlett-Packard IEEE 1284.4 compatible printer
RP51: 10/22/2009 11:44:42 AM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP52: 10/22/2009 1:47:04 PM - Device Driver Package Install: Marvell Network adapters
RP53: 10/22/2009 6:48:55 PM - Installed TI Connect 1.6
RP54: 10/22/2009 6:50:18 PM - Device Driver Package Install: Texas Instruments Incorporated Universal Serial Bus controllers
RP55: 10/22/2009 6:51:21 PM - Device Driver Package Install: Walter Oney Software Universal Serial Bus controllers
RP56: 10/22/2009 6:58:54 PM - SetPoint 4.70
RP58: 10/22/2009 11:28:54 PM - Advanced SystemCare RestorePoint
RP59: 10/23/2009 3:00:11 AM - Windows Update
RP60: 10/23/2009 5:56:57 AM - Windows Update
RP61: 10/23/2009 5:32:48 PM - Windows Update
RP62: 10/23/2009 11:43:55 PM - Windows Update
RP64: 10/24/2009 7:12:47 AM - Installed Microsoft Office Home and Student 2007 Trial
RP65: 10/24/2009 12:42:15 PM - Device Driver Package Install: NVIDIA Display adapters
RP66: 10/24/2009 1:19:55 PM - Installed AVG 9.0
RP67: 10/24/2009 1:20:17 PM - Device Driver Package Install: AVG Technologies Network Service
RP68: 10/24/2009 1:42:26 PM - Windows Update
RP69: 10/24/2009 1:44:11 PM - Windows Update
RP71: 10/24/2009 1:55:23 PM - Configured ATI Catalyst Control Center
RP73: 10/24/2009 1:56:54 PM - Avg8 Update
RP75: 10/24/2009 1:57:54 PM - Avg8 Update
RP77: 10/24/2009 2:05:40 PM - Removed ATI Catalyst Control Center
RP78: 10/24/2009 7:54:44 PM - Windows Update
RP79: 10/25/2009 1:18:23 AM - Windows Update
RP80: 10/25/2009 10:17:36 AM - Installed Java™ 6 Update 16
RP81: 10/25/2009 10:19:53 AM - Installed MSN Toolbar Setup

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Advanced SystemCare 3
AVG 9.0
Banctec Service Agreement
BitTorrent
Browser Address Error Redirector
BufferChm
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Creative MediaSource 5
CustomerResearchQFolder
D5300
D5300_doccd
D5300_Help
Dell-eBay
Dell Best of Web
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
EA Download Manager
EDocs
erLT
ESET Online Scanner v3
eSupportQFolder
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart Printer Software 9.0
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
InstallMgr
IObit Security 360
Java™ 6 Update 16
Java™ 6 Update 7
KhalInstallWrapper
Linksys Wireless-N USB Network Adapter WUSB300N
Logitech SetPoint
MarketResearch
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 3.0 Runtime
Modem Diagnostic Tool
MSN Toolbar
MSVCRT
NetWaiting
NVIDIA Drivers
NVIDIA PhysX v8.09.04
PanoStandAlone
PS_SF_02_ProductContext
PS_SF_02_Software
PS_SF_02_Software_min
PSSWCORE
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB956358)
SimCity™ Societies
SimCity™ Societies Destinations
SolutionCenter
Sound Blaster Audigy ADVANCED MB
Status
The Sims™ 3
TI Connect 1.6
Toolbox
TrayApp
TS3 Install Helper Monkey
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
WeatherBug
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/25/2009 10:16:34 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
10/25/2009 10:10:15 AM, Error: EventLog [6008] - The previous system shutdown at 10:08:20 AM on 10/25/2009 was unexpected.
10/25/2009 10:10:02 AM, Error: volmgr [46] - Crash dump initialization failed!
10/25/2009 1:19:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/25/2009 1:19:55 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/25/2009 1:19:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/24/2009 12:34:22 PM, Error: EventLog [6008] - The previous system shutdown at 12:33:05 PM on 10/24/2009 was unexpected.
10/24/2009 12:30:24 PM, Error: EventLog [6008] - The previous system shutdown at 12:24:47 PM on 10/24/2009 was unexpected.
10/24/2009 1:40:00 PM, Error: EventLog [6008] - The previous system shutdown at 1:38:00 PM on 10/24/2009 was unexpected.
10/23/2009 7:07:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Vista Service Pack 2 (KB948465).
10/23/2009 4:17:41 AM, Error: EventLog [6008] - The previous system shutdown at 4:05:25 AM on 10/23/2009 was unexpected.

==== End Of File ===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 11:20
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA662B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\$avg\$chjw\38dc7602-8015-4fd2-b2d6-5390e92359fc
Status: Size mismatch (API: 2362484, Raw: 0)

Path: c:\$avg\$chjw\72624a54-2263-4e78-ad9f-864cb5bd8b5e
Status: Size mismatch (API: 3689684, Raw: 0)

Path: C:\Windows\Temp\2b3f7ad6-4b41-4179-ab02-a960e547831d.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\2f277713-0c69-465c-a676-6918e1b98a39.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\37cd484f-45f0-4ba1-89b5-fb7d6af93dcc.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\484fa39d-3d61-4ce3-9c7a-f3ba3ce359e4.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\78173fe9-f660-47b4-96c5-27e283d72397.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\a4f29636-20b4-4178-9db4-c6bbce71e59d.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\c04b857a-2243-49e8-a2a3-04e1bb8ee1b3.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\Temp\f076d31e-890e-4f3e-9d3c-da7e873ca118.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\PLA\Reports\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Rules\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\WIRELE~1.XML
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1596 Status: Locked to the Windows API!

SSDT
-------------------
#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x9bb1c620

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x9bb1c6d0

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x9bb1c770

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys" at address 0x9bb1c810

Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 2640) Address: 0x6cb90000 Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 2640) Address: 0x6e590000 Size: 315392

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 2640) Address: 0x6eaa0000 Size: 20480

==EOF==

#2 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 27 October 2009 - 03:05 PM

Hello Halloweenscorpio :( Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.



I need for you to perform the following:

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please do not post any logs as an attachment unless asked to do so.

Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#3 Halloweenscorpio
  • Topic Starter
  • Members
  • 3 posts

Posted 28 October 2009 - 08:59 PM

I got my control box with rkill, but it didn't flash, it said something about nothing on my pc using it. (not an exact quote, I inadvertently deleted the message)


Malwarebytes' Anti-Malware 1.41
Database version: 3050
Windows 6.0.6002 Service Pack 2

10/28/2009 9:51:40 PM
mbam-log-2009-10-28 (21-51-40).txt

Scan type: Quick Scan
Objects scanned: 92447
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 28 October 2009 - 09:52 PM

When you say something is wrong, what makes you think it is an infection? What kind of symptoms are you having?

#5 Halloweenscorpio
  • Topic Starter
  • Members
  • 3 posts

Posted 29 October 2009 - 06:29 AM

I had issues with my other desktop, it kept not going beyond the Windows screen. I would reformat it and next thing I would know, it would do it again. I finally got frustrated and bought this (more hard drive and memory too). This did the same thing, although so far it hasn't done it again. I use wifi, and was afraid it was going to do the same as the older computer, which I thought was infected since it kept having issues. I am relieved your programs haven't found anything. I may run them on the other pc, once I re-re-reformat.

#6 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 29 October 2009 - 08:27 AM

I did see anything in the log to make me think it is infected. If it happens with both computers you might want to look at what a common problem may be. A router or something.

#7 thewall
  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 03 November 2009 - 09:21 AM

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



