Computer Freezes Randomly


  • This topic is locked
8 replies to this topic

#1 suedenym

Posted 04 October 2010 - 08:49 AM

Hi,

Ever since I replaced the CMOS battery, my computer keeps freezing randomly and I am forced to soft boot it to get back in. Some common features that I notice are:

1) Task Manager usually shows 100% CPU utilisation (though at times it freezes even at 88%)
2) ALWAYS freezes when I'm using Skype (even without video) after about 2-10 minutes of OK usage
3) Freezes quite often on specific webpages which have flash videos or fancy graphics, even though I haven't started the video
4) Upon rebooting, freezes sometimes even when I haven't opened any application
5) Always freezes when I do a deep spyware scan using HouseCall or Spyware Terminator, even when in Safe Mode. A standard quick scan shows no problems. I use Avast Antivirus which ran the deep scan properly and found no problems. Installing Office 2007 also froze the computer during installation.

I have tried:
1) cleaning the dust in the tower fans
2) Reseating all IDE connections

I am attaching text files of:
1) System Info
2) HijackThis scan

Could someone please help me?

Thanks.

#2 quietman7

Posted 04 October 2010 - 11:23 AM

Since you provided a HijackThis log in your topic, it was moved to this forum as logs are not permitted in the forum you originally posted in. Some BC advisors have already been discussing your issue but with the log posted, they could not reply until we eliminate malware as a possible cause.

Do you recognize this domain as belonging to your ISP or network? If you're not sure, please check with your Internet Service Provider.
QUOTE
O17 - HKLM\System\CCS\Services\Tcpip\..\{919C5EBB-3311-406B-BE1C-8C0F853AE9E7}: NameServer = 120.138.96.18 120.138.98.18

The IP address resolves to: 136, SHIVSHAKTI IND. PREMISES, MAROL, ANDHERI (E), MUMBAI- 400059, INDIA

Important! Temporarily disable your anti-virus and any anti-malware real-time protection programs you are using so they will not interfere with the entries we will be fixing in HijackThis. Click this link to see a list of such programs and how to disable them.

Run HijackThis, and press "Scan." When the scan is complete place a check mark next to the following entries (if they are still present): (Please be careful and do not check any other boxes)

QUOTE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

After checking these items CLOSE ALL open windows except HijackThis and click "Fix Checked" to remove the entries you checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, close HijackThis and reboot your computer normally.

Other than that, nothing of significant concern showing in your log. However, HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Therefore, a HijackThis log may not always show all the malware on your system. Let's investigate some more to see if we find anything else that HijackThis did not detect.

Please perform a scan with Malwarebytes Anti-Malware and follow these instructions for doing a Quick Scan in normal mode.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
-- If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the ... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the ... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the ... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished. If that's the case, please refer to How To Temporarily Disable Your Anti-virus.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
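
An added example, not part of quietman7's post and not code from HijackThis: a short Python triage of the log format quoted above. It lists entries whose target file is gone (`(no file)` / `(file missing)`) and pulls the O17 NameServer addresses so they can be confirmed with the ISP. The function and class names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Lines copied from the logs quoted in this thread (HijackThis v2.0.4 format).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{919C5EBB-3311-406B-BE1C-8C0F853AE9E7}: NameServer = 120.138.96.18 120.138.98.18
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSVCCDA.EXE (file missing)
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks a registry entry whose target file does not exist this way.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O17 lines carry the DNS servers configured for a network interface.
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>.+)$")


@dataclass
class Triage:
    orphaned: list = field(default_factory=list)     # (code, body) pairs
    nameservers: list = field(default_factory=list)  # (ip, scope) pairs


def classify_ip(token):
    """Return 'loopback', 'private', 'public' or 'invalid' for one address."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"


def triage(log_text):
    """Collect orphaned entries and configured DNS servers from a log."""
    result = Triage()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.group("code"), match.group("body")
        if ORPHAN_RE.search(body):
            result.orphaned.append((code, body))
        if code == "O17":
            ns = NAMESERVER_RE.search(body)
            if ns:
                # The value is a space- or comma-separated list of addresses.
                for token in re.split(r"[ ,]+", ns.group("servers").strip()):
                    result.nameservers.append((token, classify_ip(token)))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Entries pointing at a missing file (cleanup candidates):")
    for code, body in report.orphaned:
        print(f"  {code}: {body}")
    print("Configured DNS servers:")
    for ip, scope in report.nameservers:
        note = "confirm with ISP" if scope == "public" else scope
        print(f"  {ip} ({note})")
```

A missing target file only means the registry entry is a leftover; as the post says, the log covers known locations only, so a clean result here does not rule out infection elsewhere.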

#3 quietman7

Posted 04 October 2010 - 11:50 AM

HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

After doing the above, please download RSIT by random/random from the link provided for your operating system and save it to your desktop. This tool needs to run while the computer is connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste it in your next reply.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
  • Do not post the info.txt log unless I ask for it.

Reports/logs to post in your next reply:
* log.txt

#4 suedenym

Posted 05 October 2010 - 12:40 AM

Hi,

Have done the following:

1) Confirming that the domain name
QUOTE
O17 - HKLM\System\CCS\Services\Tcpip\..\{919C5EBB-3311-406B-BE1C-8C0F853AE9E7}: NameServer = 120.138.96.18 120.138.98.18
is my ISP

2) Fixed the following four items found by HijackThis. They now don't appear in fresh scans.
QUOTE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


3) Ran Malwarebytes Anti-Malware twice for a quick scan. The computer froze both times.
The first time, after 1min50sec while scanning
QUOTE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run

The second time after 2min6sec while scanning
QUOTE
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software

Both times, Task Manager (which I had kept open) showed CPU Usage at 100%

4) Did not try Kaspersky for similar likelihood of freezing.

5) Ran RSIT. The Log is pasted below:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-10-05 10:57:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (48%) free of 26 GB
Total RAM: 503 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:54, on 05/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1280226767032
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{919C5EBB-3311-406B-BE1C-8C0F853AE9E7}: NameServer = 120.138.96.18 120.138.98.18
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSVCCDA.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6803 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{99462EFD-F0CE-415B-8578-98F574CFF37B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-07-23 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [2007-11-27 654832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files\Free Download Manager\iefdm2.dll [2010-03-10 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\ctbr.dll [2010-07-23 1241448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"CD Autorun"=C:\Program Files\TweakNow PowerPack 2010\CDAuto.exe [2010-03-24 429312]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
C:\Program Files\Comodo\Firewall\CPF.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\WebCam Control\CAMTRAY.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-24 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe /StartedFromRunKey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
C:\WINDOWS\PowerS.exe [2001-08-03 159800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
C:\TVR\RecSche.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe [2007-10-02 1065288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE /STANDALONE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
C:\Program Files\ThreatFire\TFTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\Winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x5F000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\System32\rundll32.exe"="C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncredibleCharts\IncredibleCharts.exe"="C:\Program Files\IncredibleCharts\IncredibleCharts.exe:*:Enabled:IncredibleCharts Pro"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-10-05 10:57:38 ----D---- C:\rsit
2010-10-05 08:42:40 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-10-05 08:42:26 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-05 08:42:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-10-05 08:42:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-05 08:42:21 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-04 18:45:30 ----D---- C:\Program Files\Trend Micro
2010-10-04 13:29:59 ----D---- C:\WINDOWS\CSC
2010-10-04 13:07:53 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys
2010-09-27 18:32:02 ----D---- C:\Program Files\Common Files\L&H
2010-09-27 18:31:36 ----D---- C:\Program Files\Microsoft ActiveSync
2010-09-27 18:30:28 ----D---- C:\Program Files\Common Files\DESIGNER
2010-09-27 18:30:20 ----D---- C:\Program Files\Microsoft Works
2010-09-27 18:29:11 ----D---- C:\Program Files\Microsoft.NET
2010-09-27 18:29:11 ----D---- C:\Program Files\Microsoft Office Professional 2003
2010-09-27 15:19:46 ----D---- C:\Program Files\Common Files\SIL
2010-09-27 15:19:43 ----D---- C:\Documents and Settings\All Users\Application Data\SIL
2010-09-27 12:39:50 ----D---- C:\RupaJobs
2010-09-27 12:36:24 ----D---- C:\Program Files\Rupantar
2010-09-27 06:25:41 ----D---- C:\Program Files\Magical Jelly Bean Product Keyfinder
2010-09-26 10:38:32 ----RHD---- C:\MSOCache
2010-09-26 00:51:36 ----D---- C:\Program Files\Microsoft Office
2010-09-26 00:51:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-09-26 00:33:41 ----ASH---- C:\pagefile.sys
2010-09-24 18:59:36 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2010-09-24 18:58:17 ----D---- C:\Program Files\WinRAR
2010-09-24 16:12:15 ----D---- C:\WINDOWS\system32\DRVSTORE
2010-09-24 16:11:03 ----D---- C:\Program Files\Prolink
2010-09-24 08:54:58 ----D---- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2010-09-24 08:54:38 ----D---- C:\Program Files\Innovative Solutions
2010-09-24 08:04:19 ----A---- C:\WINDOWS\uninstal.exe
2010-09-23 22:46:01 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2010-09-23 22:40:55 ----D---- C:\Program Files\Realtek AC97
2010-09-23 13:06:11 ----D---- C:\Program Files\TV2K
2010-09-23 11:37:28 ----D---- C:\Program Files\Prolink(2)
2010-09-23 09:32:01 ----D---- C:\Compaq
2010-09-23 09:14:42 ----D---- C:\HP
2010-09-23 09:13:27 ----D---- C:\Ibmtools
2010-09-23 08:31:37 ----D---- C:\Documents and Settings\Administrator\Application Data\DeviceDoctorSoftware
2010-09-23 08:31:20 ----D---- C:\Program Files\Device Doctor
2010-09-23 07:49:13 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-09-20 13:53:43 ----D---- C:\Program Files\Prolink(3)
2010-09-20 12:47:28 ----D---- C:\Program Files\Realtek
2010-09-20 11:26:28 ----D---- C:\WINDOWS\system32\Lang
2010-09-19 15:10:39 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-09-18 18:33:48 ----D---- C:\Documents and Settings\Administrator\Application Data\IObit
2010-09-18 18:33:46 ----D---- C:\Program Files\IObit
2010-09-18 11:44:01 ----HD---- C:\WINDOWS\PIF
2010-09-16 12:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-16 12:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-16 12:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-16 12:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-16 12:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-16 12:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 12:33:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$

======List of files/folders modified in the last 1 months======

2010-10-05 10:57:27 ----D---- C:\WINDOWS\Prefetch
2010-10-05 10:54:03 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2010-10-05 09:28:04 ----D---- C:\WINDOWS\Temp
2010-10-05 08:42:26 ----D---- C:\WINDOWS\system32\drivers
2010-10-05 08:42:21 ----RD---- C:\Program Files
2010-10-05 08:28:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-05 08:02:53 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2010-10-05 06:57:09 ----D---- C:\WINDOWS\system32
2010-10-05 05:25:34 ----D---- C:\Program Files\IncredibleCharts
2010-10-04 20:40:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-04 13:31:09 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-04 13:29:59 ----D---- C:\WINDOWS
2010-09-30 19:52:57 ----SH---- C:\boot.ini
2010-09-30 19:52:57 ----A---- C:\WINDOWS\win.ini
2010-09-30 19:52:57 ----A---- C:\WINDOWS\system.ini
2010-09-30 18:59:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-09-29 08:03:30 ----HD---- C:\Config.Msi
2010-09-29 07:20:31 ----SHD---- C:\WINDOWS\Installer
2010-09-29 07:20:26 ----D---- C:\WINDOWS\WinSxS
2010-09-29 07:17:41 ----RSD---- C:\WINDOWS\assembly
2010-09-29 07:17:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-09-27 20:43:44 ----RSD---- C:\WINDOWS\Fonts
2010-09-27 19:30:31 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-09-27 18:34:52 ----A---- C:\WINDOWS\ODBC.INI
2010-09-27 18:32:02 ----D---- C:\Program Files\Common Files
2010-09-27 18:31:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-27 18:31:44 ----D---- C:\WINDOWS\SHELLNEW
2010-09-27 18:23:13 ----D---- C:\WINDOWS\system
2010-09-27 11:08:25 ----D---- C:\Program Files\WinZip
2010-09-26 11:50:13 ----D---- C:\WINDOWS\inf
2010-09-26 11:50:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-09-26 10:41:41 ----D---- C:\Program Files\Common Files\System
2010-09-25 23:08:27 ----A---- C:\WINDOWS\BcdLog.txt
2010-09-24 16:19:09 ----D---- C:\WINDOWS\system32\config
2010-09-24 16:18:53 ----D---- C:\WINDOWS\system32\wbem
2010-09-24 16:18:52 ----D---- C:\WINDOWS\Registration
2010-09-24 16:12:33 ----D---- C:\WINDOWS\twain_32
2010-09-24 16:12:20 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-09-24 16:12:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-09-24 15:27:38 ----D---- C:\WINDOWS\Help
2010-09-24 10:04:45 ----A---- C:\WINDOWS\RtlRack.ini
2010-09-23 13:06:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-23 07:41:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2010-09-19 18:40:39 ----D---- C:\Program Files\Mozilla Firefox
2010-09-19 18:40:31 ----D---- C:\WINDOWS\Debug
2010-09-19 17:47:37 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-19 17:34:38 ----D---- C:\WINDOWS\repair
2010-09-19 13:08:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2010-09-19 09:21:33 ----A---- C:\WINDOWS\Tsctvfm.ini
2010-09-17 06:30:33 ----D---- C:\Program Files\Crawler
2010-09-16 12:38:35 ----A---- C:\WINDOWS\imsins.BAK
2010-09-16 12:38:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 12:35:42 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-12 23:34:07 ----D---- C:\Program Files\TweakNow PowerPack 2010
2010-09-12 17:38:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2010-09-12 16:59:42 ----D---- C:\Downloads
2010-09-08 18:53:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-09-07 20:41:54 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-10-04 41288]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-10-04 62280]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-10-04 79688]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 BT848;BtCap, WDM Video Capture; C:\WINDOWS\system32\drivers\BT848.SYS [2001-02-03 290440]
S2 BTTUNER;BtTuner, WDM TV Tuner; C:\WINDOWS\system32\drivers\BTTUNER.SYS [2001-02-03 22288]
S2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.SYS [2001-02-03 12632]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dTVdrvNT;dTVdrvNT; \??\C:\WINDOWS\SYSTEM32\dTVdrvNT.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTSVCCDA.EXE []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-27 138680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe [2007-10-02 742216]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe [2007-10-02 1415496]

-----------------EOF-----------------

Thanks a lot for your attention quietman7. Looking forward to your reply.
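The driver and service lists in the log above follow the legend in their section headers (R/S for state, 0-4 for start type). As an added example, not part of the original post or of the tool that produced the log, here is a Python parser for those lines that lists the entries that start without user action and the entries logged with an empty `[]` file field. The sample lines are copied from the log; the function names are hypothetical, and reading `[]` as "no file date or size was recorded" is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend taken from the section headers of the log.
STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# <state><start> <name>;<display name>; <path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the log in the post above.
SAMPLE_LOG = r"""
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe [2007-10-02 1415496]
"""


@dataclass
class Entry:
    state: str                # "running" or "stopped"
    start: str                # "boot", "system", "auto", "demand", "disabled"
    name: str                 # short driver/service name
    display: str              # display name
    path: str                 # image path with the \??\ prefix removed
    file_date: Optional[str]  # None when the log shows []
    file_size: Optional[int]  # None when the log shows []


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):      # NT object-namespace prefix
        path = path[4:]
    meta = m.group("meta").split()      # ["2010-09-07", "100176"] or []
    has_meta = len(meta) == 2
    return Entry(
        state=STATE[m.group("state")],
        start=START[m.group("start")],
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=path,
        file_date=meta[0] if has_meta else None,
        file_size=int(meta[1]) if has_meta else None,
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable line of a pasted driver/service section."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def starts_unattended(entries: List[Entry]) -> List[str]:
    """Names of running entries that load at boot, system or auto start."""
    return [e.name for e in entries
            if e.state == "running" and e.start in ("boot", "system", "auto")]


def missing_file_info(entries: List[Entry]) -> List[str]:
    """Names of entries whose file date/size field is empty in the log."""
    return [e.name for e in entries if e.file_date is None]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("unattended start:", starts_unattended(log))
    print("no file info:   ", missing_file_info(log))
```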


#5 quietman7

Posted 05 October 2010 - 07:56 AM

Crashes (BSOD), unexpected shutdowns, sudden freezing, random restarting, and booting problems could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and sometimes malware. Even legitimate programs like CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) can trigger crashes, various stop error messages and system hangs so you may or may not be dealing with multiple issues.

Were you using Trend Micro's anti-virus before avast? I ask because tmcomm.sys is showing in your log. This is a driver which has caused conflicts with Microsoft Kernel Driver resulting in crashes. See here.
- If you were using Trend, how did you uninstall it?
- Did you use Trend's removal tool?
- Did your current issues start about that same time?

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts including:
    • Administrator.
    • All Users.
    • LocalService.
    • NetworkService.
    • and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Can you reboot in "Safe Mode with Networking"? If so, you can try doing the Kaspersky scan that way.

Also, if you cannot run Malwarebytes Anti-Malware or complete a scan in normal mode, then try performing a Quick Scan in "safe mode".


Note: Your log shows that Mdm.exe is running on your system. Mdm.exe is Microsoft's Machine Debug Manager program which is included in Microsoft Visual Studio .NET, Microsoft Office 2007, Microsoft Office 2003, and a Microsoft Office XP post-Service Pack 3 release to provide support for program debugging. The Script Debugger is actually a JScript debugger used by programmers and advanced users when debugging programs; testing scripts developed using an ActiveX script engine; debug scripts developed with VBScript and JScript, ActiveX components and Java applets. It allows viewing and modifying program source code, variables, and values, or controlling the flow and pace of how the script works and allows debugging Internet Explorer errors by using a script interface tool.

This process starts when script debugging is enabled in Internet Explorer. It runs as a service with the local system account and is loaded when the computer starts but sometimes tends to slow system performance or cause other issues. This is a non-essential process and if you do not use your computer for debugging purposes, you can safely turn off the Machine Debug Manager.

To reconfigure script debugging options and Disable Machine Debug Manager:
  • Click on Start > Run and in the open box, type: iexplore.exe.
  • Press OK.
  • On the Tools menu, click Internet Options > Advanced tab.
  • Click the "Advanced tab" and scroll down to "Browsing".
  • Put a check mark next to "Disable Script Debugging (IE)".
  • Put a check mark next to "Disable Script Debugging (Other)".
  • Uncheck "Display a notification about every script error".
  • Click "OK" and close Internet Explorer.
To disable the service:
  • Click on Start > Run and in the open box, type: services.msc
  • Press OK.
  • Click the "Extended tab" at the bottom to view all the info on your services.
  • Scroll down the list and find the service called Machine Debug Manager.
  • When you find the service, double-click on it or right-click and choose "Properties".
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Disabled".
  • Click Apply, then OK and close any open windows.
Screenshot with an example of how to do this if needed.

-- Note: If another application like Microsoft Visual Studio or .NET reinstalls Mdm.exe, or if Mdm.exe /Regserver is run on a computer that is running Windows XP, Mdm.exe is re-added to the RunServices registry key. If the Detect and Repair feature within some Microsoft applications runs, this will also cause Mdm.exe to be re-registered on the system and reappear in Task Manager.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 suedenym

Posted 06 October 2010 - 08:26 AM

Here's what I've done.

1) I've only been using this computer since late July. I don't think it had Trend Micro before that but can't be sure. The tmcomm.sys file that you've referred to was created on 04/10/2010 i.e. when I installed TM Housecall to do a scan two days ago. So, should I now uninstall it with the TM Removal tool?

2) Ran TFC and it cleaned out about 800MB of data.

3) Disabled MDM.

4) Ran a Quick Scan with MalwareBytes in Safe Mode. The computer froze again, but well into the scan. It seemed to have finished with the system drive (Windows, System 32, Microsoft etc.) with 0 infections found and was doing "other items on your computer" when it froze.

What should be the next steps? Can we be reasonably sure that it is not a malware problem?

Other choices I have are to clean up the tower from inside once again, this time with a vacuum cleaner, reseat the CMOS battery, reseat all cables. If that doesn't work, I'll have to repair Windows or do a clean install as a last resort.

Sorry for so many questions, but just two more...

1) Should I get back into the Windows/hardware issues forum?
2) This whole issue started when I changed the CMOS battery. Can that have anything to do with it? The battery itself is working fine.

Another very recent symptom is that twice in the last week, the computer has suddenly died on me and shut down by itself even though it runs off a UPS, with me having to do a hard reboot. I haven't addressed this issue at all until now.

Many thanks for your help.

#7 quietman7

Posted 06 October 2010 - 09:22 AM

QUOTE
The tmcomm.sys file that you've referred to was created on 04/10/2010 i.e. when I installed TM Housecall to do a scan two days ago. So, should I now uninstall it with the TM Removal tool?
No, the removal tool is intended for the anti-virus. Housecall may download some of the same files but it does not uninstall the same way. According to TM, Housecall automatically unloads everything that it used after you have scanned your system. However, some users have reported remnants left behind which apparently were not removed. A Housecall folder is created in the %temp% folder which stores most of the components used by the online tool and it can be manually deleted. You should be able to delete tmcomm.sys as well but if you choose to use Housecall again, the file will be reinstalled when the Housecall folder is recreated.

QUOTE
Can we be reasonably sure that it is not a malware problem?
Without being able to complete a scan there is no way to be absolutely sure but I thought we should give it a try before moving on to troubleshooting. The fact that MBAM finished with the system drive showing 0 infections found is a positive sign but if all scans are freezing as well as other applications, I am inclined to suspect you are not dealing with malware.

QUOTE
Other choices I have are to clean up the tower from inside once again, this time with a vacuum cleaner, reseat the CMOS battery, reseat all cables.
That is always a good place to start troubleshooting. A dirty system on the inside is often responsible for what seems to be serious symptoms.

QUOTE
If that doesn't work, I'll have to repair Windows or do a clean install as a last resort.
If it's a hardware related issue, that may not help. Before resorting to that, there are other diagnostic options which can be used for further troubleshooting.

QUOTE
Sorry for so many questions, but just two more...1) Should I get back into the Windows/hardware issues forum?
Yes, the BC Staff Advisors have already been advised you would be doing that.

QUOTE
2) This whole issue started when I changed the CMOS battery. Can that have anything to do with it? The battery itself is working fine.
That sounds like a strong possibility but it's not my area of expertise so I would let those Advisors knowledgeable in that area address it.

QUOTE
Another very recent symptom is that twice in the last week, the computer has suddenly died on me and shut down by itself even though it runs off a UPS, with me having to do a hard reboot. I haven't addressed this issue at all until now.
That tends to reinforce my suspicions you are dealing with dirty components inside the case or a hardware problem.

Let me know when you start your new topic in the Hardware forum so I can follow along and close this thread.

#8 suedenym

Posted 15 October 2010 - 09:11 AM

Hi quietman7

I've started a new topic called "Computer Still Freezes Randomly" in the Internal Hardware forum.

Thanks for your help.

Cheers

#9 quietman7

Posted 15 October 2010 - 09:22 AM

You're welcome and good luck.