Getting a smooth running computer


15 replies to this topic

#1 Scottintexas

Scottintexas

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 06 August 2011 - 09:42 AM

It is hard to give this a proper title because I am not sure if the problems are related, cascading, or individual with each one needing a different response.

The system is a Dell Vostro 1510, 3Gb RAM, 500Gb hard drive. Wireless connection to Linksys router.
When I want to download a file, or stream something, I may get 2 or three Mb then the stream or file just stops. I use Firefox 5.0.1. When I try it in Explorer I keep getting script errors with the message asking if I want to continue to run scripts on that page. So does my daughter on her computer. I just use Firefox. My system will seem to be running perfectly, then suddenly it doesn't. I have tried opening suspected programs (Quicken is one I think) that have some sort of problem that causes them to stop responding. That cascades to anything else that is running at the time.

Having read several posts here I went ahead and ran the mini tool box as it is often suggested and the results are pasted below.

MiniToolBox by Farbar
Ran by Scott (administrator) on 06-08-2011 at 09:32:06
Windows Vista ™ Business Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Scott-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1F-E1-CB-56-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::648b:a8b8:642e:300%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 06, 2011 7:47:36 AM
Lease Expires . . . . . . . . . . : Sunday, August 07, 2011 7:47:36 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184557537
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BB-F2-AC-00-21-70-94-C5-3C
DNS Servers . . . . . . . . . . . : 10.10.10.1
208.91.9.3
216.81.36.10
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-21-70-94-C5-3C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C389E648-980B-4D2F-9AB3-DBE1AE913F65}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1F1DFC4C-7797-46EA-871B-470D27878D50}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.10.10.1

Name: google.com
Addresses: 74.125.73.104
74.125.73.105
74.125.73.106
74.125.73.147
74.125.73.99
74.125.73.103



Pinging google.com [74.125.73.106] with 32 bytes of data:

Reply from 74.125.73.106: bytes=32 time=3166ms TTL=53

Reply from 74.125.73.106: bytes=32 time=29ms TTL=53



Ping statistics for 74.125.73.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 3166ms, Average = 1597ms

Server: UnKnown
Address: 10.10.10.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=20ms TTL=55

Reply from 209.191.122.70: bytes=32 time=20ms TTL=55



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 20ms, Average = 20ms



Pinging 127.0.0.1 with 32 bytes of data:

General failure.

General failure.



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

===========================================================================
Interface List
11 ...00 1f e1 cb 56 7d ...... Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
10 ...00 21 70 94 c5 3c ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{C389E648-980B-4D2F-9AB3-DBE1AE913F65}
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{1F1DFC4C-7797-46EA-871B-470D27878D50}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.109 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.109 281
192.168.1.109 255.255.255.255 On-link 192.168.1.109 281
192.168.1.255 255.255.255.255 On-link 192.168.1.109 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.109 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.109 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::648b:a8b8:642e:300/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/06/2011 07:48:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2011 07:45:20 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/05/2011 06:43:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2011 01:32:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2011 05:11:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2011 06:09:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2011 09:45:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2011 03:27:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2011 02:06:46 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 6.0.0.104, time stamp 0x4548d6f9, faulting module jusched.exe, version 6.0.0.104, time stamp 0x4548d6f9, exception code 0xc0000005, fault offset 0x00001cdb,
process id 0xfe8, application start time 0xjusched.exe0.

Error: (08/02/2011 01:57:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/06/2011 07:49:25 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (08/06/2011 07:49:23 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: OMCI

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: 30000lxduCATSCustConnectService

Error: (08/06/2011 07:49:00 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6425.1000)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.2)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Carbonite (Version: 4.0.4 build 806 (Mar-03-2011))
Cisco EAP-FAST Module (Version: 2.0.26)
Cisco LEAP Module (Version: 1.0.11)
Cisco PEAP Module (Version: 1.0.12)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.1.102.7)
Dell Wireless WLAN Card (Version: 4.170.25.12)
Google Chrome (Version: 13.0.782.107)
Google Update Helper (Version: 1.3.21.65)
GoToAssist Corporate (Version: 9.1.0.615)
Guitar Pro 6
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Lexmark 5600-6600 Series
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Toolbar (Version: 4.13.37.0)
Lexmark Tools for Office (Version: 1.24.0.0)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Accounting 2007 (Version: 2.0.7503.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Accounting Equifax Addin (Version: 2.0.7416.00)
Microsoft Office Accounting Fixed Asset Manager (Version: 2.0.7416.00)
Microsoft Office Accounting PayPal Addin (Version: 2.0.7416.00)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mMHouse (Version: 9.24.0000)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
mPfMgr (Version: 9.24.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWMI (Version: 9.24.0000)
O2Micro Flash Memory Card Reader Driver (x86) (Version: 3.17)
PowerDVD (Version: 8.0)
Quicken 2011 (Version: 20.1.8.6)
QuickTime (Version: 7.69.80.9)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Seagate Manager Installer (Version: 2.01.0600)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Stamps.com
Stamps.com (Version: 8.9.2.2162)
SystemSuite 11 Professional (Version: 11.3.2.0)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3061.69 MB
Available physical RAM: 1740.52 MB
Total Pagefile: 3233.98 MB
Available Pagefile: 2043.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.33 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.68 GB) (Free:349.25 GB) NTFS
2 Drive d: (SPORTYS_PRIVATE_VOLUME_2) (CDROM) (Total:6.35 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\SCOTT-PC

Administrator Guest Scott

========================= Minidump Files ==================================


== End of log ==
Still searching for the "Read My Mind and Do It" button.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:31 AM

Posted 06 August 2011 - 10:12 AM

Pinging 127.0.0.1 with 32 bytes of data:

General failure.

General failure.


That indicates some sort of network card failure.

You should receive this:

C:\Users\cryptodan>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\cryptodan>


I would try updating your network card drivers, and if that doesn't work replace the network card.

Since I see no active anti-virus installed, let's run a check:

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 Scottintexas


Posted 06 August 2011 - 11:56 AM

Thank you very much for your response.

I have active firewall and anti-virus and malware software. It's called Avanquest System Suite Pro 11. I have run everything and it comes up empty. In the past it has found things that Malwarebytes didn't catch. But it doesn't mean it gets everything. I had Malwarebytes anti-malware installed before, and oh what a mess I caused! I'll check the network card as you suggest. Since I just re-installed Windows and everything I am sure there is a driver problem even though I downloaded all the updates. I'll let you know the results. I may install the other programs you suggest and run those and post the results. But I am just a little nervous about it.

#4 cryptodan


Posted 06 August 2011 - 12:03 PM

Post any log items from Malwarebytes that detected infections.

#5 Scottintexas


Posted 06 August 2011 - 12:27 PM

OK. I went to Device Manager and directed the driver for the Dell Wireless mini card and the Realtek Gigabit ethernet NIC to check for driver updates and it came back as having the up to date drivers. I don't know what else I can do about testing the drivers other than what has been done.

Since this is a laptop I assume the network "cards" are built onto the main board. If that is the case then I will have to replace the board.

#6 Scottintexas


Posted 06 August 2011 - 01:14 PM

These posts seem a little out of order. I will download Malwarebytes and run it. I'll let you know how it goes. It may take a while because of the network card issue. I just ordered a new card and should have it by Tuesday. If I can't get the Malware loaded by then I will insert the new card and try again. Then I will post the results.

I appreciate your rapid responses and your help. I'm just glad there are gurus out there willing to do this. And I am really grateful for Bleeping Computer!

#7 Scottintexas


Posted 09 August 2011 - 11:05 AM

All right. I have run the three programs you suggested. I have also just received the new network card in the mail. I'll insert it in a few minutes. Here are the logs from the three programs.

Malwarebytes;
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7416

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/9/2011 7:38:20 AM
mbam-log-2011-08-09 (07-38-20).txt

Scan type: Quick scan
Objects scanned: 177899
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Scott\downloads\shopathome_toolbar.exe (Adware.Sahat) -> Quarantined and deleted successfully.

SuperAntiSpyware;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2011 at 10:08 AM

Application Version : 5.0.1108

Core Rules Database Version : 7533
Trace Rules Database Version: 5345

Scan type : Complete Scan
Total Scan Time : 01:06:28

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 782
Memory threats detected : 0
Registry items scanned : 38704
Registry threats detected : 0
File items scanned : 43312
File threats detected : 24

Adware.Tracking Cookie
media.kyte.tv [ C:\USERS\SCOTT\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\TNRWGKNU ]
a.ads2.msads.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
adimages.scrippsnetworks.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
ads2.msads.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
adsatt.espn.go.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
b.ads2.msads.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
cdn.insights.gravity.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
cdn4.specificclick.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
convoad.technoratimedia.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
ia.media-imdb.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
img-cdn.mediaplex.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
media.kyte.tv [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
media.mtvnservices.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
media.scanscout.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
media01.kyte.tv [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
media1.break.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
mediaforgews.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
msnbcmedia.msn.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
objects.tremormedia.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
s0.2mdn.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
secure-us.imrworldwide.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
sftrack.searchforce.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
speed.pointroll.com [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]
track.adform.net [ C:\USERS\SCOTT\CARBONITE RESTORED OLD USER SETTINGS\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JDYQXP7E ]

That is incredible!

GMER;

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-09 10:55:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000BPVT-00HXZT1 rev.01.01A01
Running: kd3xd5zg.exe; Driver: C:\Users\Scott\AppData\Local\Temp\fgloypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0xAA3C9640]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 820C0DA4 4 Bytes [40, 96, 3C, AA] {INC EAX; XCHG ESI, EAX; CMP AL, 0xaa}
? System32\drivers\cmao.sys The system cannot find the path specified. !
PAGE spsys.sys!?SPVersion@@3PADA + 1ABF A905C03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F A905C0AF 1 Byte [16]
PAGE spsys.sys!?SPVersion@@3PADA + 1B2F A905C0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 A905C130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 A905C137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74727817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7477A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7472BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7471F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7471E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74758395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7472DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7471FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7471FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [747ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7474C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7471D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74716853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7471687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2312] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74722AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\tdx \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\tdx \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Still searching for the "Read My Mind and Do It" button.

#8 cryptodan


Posted 09 August 2011 - 11:15 AM

Can you run a complete scan with Malwarebytes?

#9 Scottintexas


Posted 09 August 2011 - 11:36 AM

I thought it was a complete scan. I will run it as soon as this is posted. I have replaced the network card and pinged the loopback with the desired results. Yeah!!

I'll post the malwarebytes results as soon as it is done.

#10 Scottintexas


Posted 09 August 2011 - 01:04 PM

All right. It finally finished.
Malwarebytes scan;

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7416

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/9/2011 1:02:43 PM
mbam-log-2011-08-09 (13-02-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 295794
Time elapsed: 1 hour(s), 26 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

That's it. I'm looking forward to your analysis.

#11 cryptodan


Posted 09 August 2011 - 01:14 PM

Scans show good:

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

No installation required.

Simply unzip the Autoruns.zip file, and double-click the autoruns.exe file to run the program.

Go to File>Save, and save it as an AutoRuns.txt file to a known location.

You must select Text from drop-down menu as a file type:

Attach the file to your next reply.

Compliments of Broni
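
An added example, not part of the original post and not code from Autoruns: a small Python triage pass over the text export saved in the steps above, using the row format of the export posted later in this thread. The three review checks (blank publisher, "File not found" target, image under a user-writable directory) and the last sample row are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Sample in the text format saved from Autoruns (File > Save, type Text).
# The first eight lines are copied from the export posted in this thread;
# the last entry is constructed for illustration.
SAMPLE = r'''"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "lxduamon" "" "" "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
"Task Scheduler" "" "" ""
+ "\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}" "" "" "File not found: C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "lxdu_device" "Printer Communication System" " " "c:\windows\system32\lxducoms.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleUpdater" "" "" "c:\users\example\appdata\local\temp\updater.exe"
'''

FIELD = re.compile(r'"([^"]*)"')
Entry = namedtuple("Entry", "location name description publisher image")

# Assumption: directories a standard user can normally write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
MISSING = "file not found:"


def parse_autoruns(text):
    """Return one Entry per autostart row, tagged with its location header."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank line or something that is not a 4-column row
        if line.startswith('"'):
            location = fields[0]  # header row: location plus three empty columns
        else:
            entries.append(Entry(location, *fields))  # row with a leading marker
    return entries


def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list if none)."""
    reasons = []
    image = entry.image.strip().lower()
    if image.startswith(MISSING):
        reasons.append("target missing")
        image = image[len(MISSING):].strip()
    if not entry.publisher.strip():
        reasons.append("no publisher")
    if image.startswith(USER_WRITABLE):
        reasons.append("user-writable path")
    return reasons


def review(text):
    """Return (location, name, reasons) for every entry with at least one reason."""
    flagged = []
    for entry in parse_autoruns(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.location, entry.name, reasons))
    return flagged


if __name__ == "__main__":
    for location, name, reasons in review(SAMPLE):
        print(f"{location} :: {name} -> {', '.join(reasons)}")
```

A flag here only sets review priority: printer and driver components often ship without publisher metadata, and a missing target is usually a leftover from an uninstall.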

#12 Scottintexas


Posted 13 August 2011 - 06:59 AM

Here is the Autoruns output. It's not in a real easy to read format.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "Carbonite Backup" "Carbonite User Interface" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carboniteui.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "lxduamon" "" "" "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
+ "lxdumon.exe" "Printer Device Monitor" "" "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
+ "MaxMenuMgr" "FreeAgent™ Launcher" "Seagate LLC" "c:\program files\seagate\seagatemanager\freeagent status\stxmenumgr.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ISUSPM" "Macrovision Software Manager" "Macrovision Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "SystemSuite Menu" "Utility Context Menu Module" "Avanquest Software" "c:\program files\avanquest\systemsuite\mxctxmnu.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "SystemSuite Menu" "Utility Context Menu Module" "Avanquest Software" "c:\program files\avanquest\systemsuite\mxctxmnu.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Roxio DragToDisc Shell Extension" "DirectCD Shell Extention DLL" "Roxio" "c:\program files\roxio\drag-to-disc\shellex.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes' Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Carbonite.Green" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Partial" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Yellow" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Avanquest Safe Search" "Safe Search for Internet Explorer" "AVG Exploit Prevention Labs, Inc." "c:\program files\avanquest\systemsuite\avgssie.dll"
+ "DataVault Object" "Avanquest Secure Vault IE Plugin" "Avanquest Software" "c:\program files\avanquest\systemsuite\ie_contextmenu_vault.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Lexmark Printable Web" "" "" "c:\program files\lexmark printable web\bho.dll"
+ "Lexmark Toolbar" "" "" "c:\program files\lexmark toolbar\toolband.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Lexmark Toolbar" "" "" "c:\program files\lexmark toolbar\toolband.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\Installation App Launcher" "" "" "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}" "" "" "File not found: C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AvanquestWindowsMonitorService" "Windows Monitor service - for boot and shutdown logging, system performance monitoring" "Avanquest Publishing USA, Inc." "c:\program files\avanquest\systemsuite\avqwinmonengine.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CarboniteService" "Carbonite Backup Service" "Carbonite, Inc. (www.carbonite.com)" "c:\program files\carbonite\carbonite backup\carboniteservice.exe"
+ "EvtEng" "Manages the event trace messages for all the components of Intel® PROSet/Wireless software." "Intel Corporation" "c:\program files\intel\wireless\bin\evteng.exe"
+ "FreeAgentGoNext Service" "Seagate Service" "Seagate Technology LLC" "c:\program files\seagate\seagatemanager\sync\freeagentservice.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\615\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "lxdu_device" "Printer Communication System" " " "c:\windows\system32\lxducoms.exe"
+ "lxduCATSCustConnectService" "Lexmark Connect Service Executable" "Lexmark International, Inc." "c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "o2flash" "O2 Flash Memory Service" "O2Micro International" "c:\program files\o2micro flash memory card driver\o2flash.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "Intel® PROSet/Wireless Registry Service" "Intel Corporation" "c:\program files\intel\wireless\bin\regsrvc.exe"
+ "SBAMSvc" "Manages your anti-malware application." "Sunbelt Software" "c:\program files\common files\antivirus\sbamsvc.exe"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "SystemSuite Task Manager" "Manages user sessions, scheduled tools, active monitors and other background tasks." "Avanquest Software" "c:\program files\avanquest\systemsuite\mxtask.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\windows\system32\wltrysvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "BCM42RLY" "" "" "File not found: system32\drivers\BCM42RLY.sys"
+ "BCM43XV" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corp." "c:\windows\system32\drivers\bcmwl6.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corp." "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "DLABMFSM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlabmfsm.sys"
+ "DLABOIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaboiom.sys"
+ "DLACDBHM" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlacdbhm.sys"
+ "DLADResM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dladresm.sys"
+ "DLAIFS_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaifs_m.sys"
+ "DLAOPIOM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaopiom.sys"
+ "DLAPoolM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlapoolm.sys"
+ "DLARTL_M" "Shared Driver Component" "Roxio" "c:\windows\system32\drivers\dlartl_m.sys"
+ "DLAUDF_M" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaudf_m.sys"
+ "DLAUDFAM" "Drive Letter Access Component" "Roxio" "c:\windows\system32\drivers\dlaudfam.sys"
+ "DRVMCDB" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "DRVNDDM" "Device Driver Manager" "Roxio" "c:\windows\system32\drivers\drvnddm.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "ivusb" "Initio Default Vendor Specific Device Driver" "Initio Corporation" "c:\windows\system32\drivers\ivusb.sys"
+ "KFilter" "" "" "c:\program files\avanquest\systemsuite\kfilter.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "O2MDRDR" "o2media" "O2Micro " "c:\windows\system32\drivers\o2media.sys"
+ "O2SDRDR" "O2Micro SD Reader Driver" "O2Micro " "c:\windows\system32\drivers\o2sd.sys"
+ "OMCI" "" "" "File not found: C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTL8169" "Realtek 8136/8168/8169 NDIS6 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rtlh86.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "sbapifs" "Active Protection Filter Driver" "Sunbelt Software" "c:\windows\system32\drivers\sbapifs.sys"
+ "SBRE" "Anti-Rootkit Engine" "Sunbelt Software" "c:\windows\system32\drivers\sbredrv.sys"
+ "sbtis" "Sunbelt TDI Inspection System" "Sunbelt Software" "c:\windows\system32\drivers\sbtis.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "TFilter" "" "" "c:\program files\avanquest\systemsuite\tfilter.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Cinemaster® Audio Decoder 4.2" "SonicHDAudio" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemasteraudio.dll"
+ "Sonic Cinemaster® VideoDecoder 4.1" "CinemasterVideo" "Sonic Solutions" "c:\program files\common files\sonic shared\cinemastervideo.dll"
+ "Sonic HD Demuxer" "Sonic HD Demuxer" "" "c:\program files\common files\sonic shared\sonichddemuxer.dll"
+ "Sonic HD Nav" "SonicHDNav" "" "c:\program files\common files\sonic shared\sonichdnav.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "5600-6600 Series Port" "Printer Communication System" " " "c:\windows\system32\lxdulmpm.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"
"C:\Users\Scott\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "CPU Meter" "See the current computer CPU and system memory (RAM)." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\Gadget.xml"



Sorry this is taking so long. But work is getting in the way. I appreciate the time you are putting into this issue.

Scott
Still searching for the "Read My Mind and Do It" button.

#13 cryptodan


Posted 13 August 2011 - 01:05 PM

I would recommend removing your current anti-virus from your computer and trying Microsoft Security Essentials as a virus scanner, because it's free and very lightweight.

#14 Scottintexas


Posted 16 August 2011 - 08:22 AM

Thanks for all your help, Cryptodan.

I may switch to the other but the system suite is a whole lot more than just a firewall and virus scanner. I'll have to find something to replace everything it does. It's also cheap. I can install it on three computers for one price. I have been using it every year for a few years now. I buy a new version every year and upgrade all three computers.

Ever since I had to go to Windows Vista I have had problems. The system is always unstable. It appears to just freeze from time to time. Other programs will quit responding for a time. Watching the processor usage I keep seeing MXtask and MXTask2 using 30-40%. A couple other MS programs are jumping up and down on the processor and every now and then it goes to 100% occupied and everything just freezes for a while until it settles down again. I'll just have to wait until this weekend to go through everything because I need my machine too much for work to mess it up any more than it already is.

Will reinstalling Windows kill all the updates I have downloaded? On one of the "Updates are available.." I got an error. The error led to the help screen that said I may need to reinstall Windows. I don't have the error code now or I'd tell you what it was.

#15 cryptodan


Posted 16 August 2011 - 08:27 AM

Windows Firewall and Microsoft Security Essentials in conjunction with a router will offer excellent protection and for free.

I never had issues with Windows Vista when I used it.



