Total freezes

(In Progress)

dickster
Member with 422 posts.
THREAD STARTER
 
Join Date: Dec 2001
04-Jan-2012, 07:43 PM #1
Total freezes
My pc has periodic freezes that I can't find the cause of. Not sure if it's windows, software, or hardware causing it. It can happen while surfing or just working in one of my partitions. Error reporting shows nothing for the time span this happens in. Malwarebytes, Superantispyware and windows essentials finds nothing in scans. Hardware Monitor shows a steady 50c running Folding@Home at 100%. Gpu at 65c doing the same. I have a crash dump reporting tool that shows nothing at the time these freezes happen. I'm stumped and it's p*ssing me off!

Any help is appreciated.

Asus M3A76-CM
AMD Phenom 9850 Quad core
2x2048 Kingston HyperX pc-6400
EVGA GTS250
Antec 650 Earthwatts PSU
CPU and GPU watercooled
user22
Account Disabled with 197 posts.
 
Join Date: Dec 2011
04-Jan-2012, 07:49 PM #2
Would you please tell me which antivirus applications you have had previously on this machine, any and all? The reason I ask is because some like to hang around after you uninstall via Add/Remove Programs and require the use of removal tools.

What kind of computer do you have exactly? Example: Compaq Presario C700

Download CCLEANER

Just DON'T use the registry cleaner function of CCleaner unless you know what you are deleting exactly!!

Then open CCleaner, hit the Tools button, then Startup (second one down, below Uninstall), then in the bottom right-hand corner of CCleaner hit Save to text file. Save it to your desktop and post the startup.txt here in your next reply.

Hit the Start button in the lower left-hand corner. Then in the Run box type msconfig, then hit the Services tab, then put a check mark in Hide Microsoft services. What is listed there after hiding Microsoft services? Please post back to us in a vertical list.

Please download MINITOOLBOX. When the box opens click Save File, save it to the desktop and run it.





Checkmark the following boxes:


Flush Dns
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

Run sfc /scannow and also run chkdsk /r. Links explaining below.

chkdsk /r

sfc /scannow

IF THIS IS A DESKTOP: Unplug the tower and open up the side. Get a can of compressed air and blow out the machine and reseat the RAM modules, video card etc. (see video). Plug it back in and see how it goes. WHILE YOU HAVE THE RAM AND VIDEO CARD OUT, BLOW OUT THE SLOTS THAT THEY PLUG INTO. ALSO BLOW OUT THE HEAT SINK. SEE VIDEO

PLEASE READ CAREFULLY AND POST ALL INFORMATION REQUESTED!!

I want to make one thing very clear: DO NOT use the registry cleaner function of CCleaner!!
dickster
Member with 422 posts.
THREAD STARTER
 
Join Date: Dec 2001
04-Jan-2012, 08:29 PM #3
Did have Panda Anti-virus on here before, but now Windows Essentials. Ran CCleaner last night to get rid of junk. And I use Auslogics registry cleaner and defragger weekly. And I strip down and blow out each of my 4 PCs once a month. I live in a dusty part of Texas, so I do maintenance more often than most. And no heatsink to blow out since I water cool. Computer is home built. All of mine are.

Here are the logs you requested.

Startup

Yes HKCU:Run winupdater C:\WINDOWS\system32\Windupdt\winupdate.exe
No HKCU:Run DriverUpdaterPro G:\DriverUpdaterPro2.2.8.0\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
No HKCU:Run FlashPlayerUpdate
No HKCU:Run NMIndexStoreSvr "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
No HKCU:Run LightScribeControlPanel C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
No HKCU:Run proxyway
No HKCU:Run SEPCSuite
Yes HKLM:Run UpdateLBPShortCut "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
Yes HKLM:Run MDS_Menu "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
Yes HKLM:Run UpdateP2GoShortCut "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
Yes HKLM:Run UpdatePPShortCut "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
Yes HKLM:Run UCam_Menu "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
Yes HKLM:Run UpdatePSTShortCut "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
Yes HKLM:Run EKAiO2StatusMonitor C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
Yes HKLM:Run Conime %windir%\system32\conime.exe
No HKLM:Run APSDaemon "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No HKLM:Run UpdateChecker C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
No HKLM:Run brs C:\Program Files\Cyberlink\Shared files\brs.exe
No HKLM:Run CLMLSvc "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
No HKLM:Run conime %windir%\system32\conime.exe
No HKLM:Run DriverReviver "C:\Program Files\Reviversoft\Driver Reviver\DriverReviver.exe" /autorun
No HKLM:Run EKAiO2MUI C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
No HKLM:Run EVGAPrecision "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
No HKLM:Run HDeck C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
No HKLM:Run HotSync
No HKLM:Run InCD C:\Program Files\Nero\Nero8\InCD\InCD.exe
No HKLM:Run dumprep 0 -k %systemroot%\system32\dumprep 0 -k
No HKLM:Run fwupdate "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
No HKLM:Run LifeExp "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
No HKLM:Run ICQNet
No HKLM:Run msseces "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
No HKLM:Run NeroCheck C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
No HKLM:Run NvCpl RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
No HKLM:Run RunDLL32 RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
No HKLM:Run nwiz C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
No HKLM:Run QTTask "C:\Program Files\QuickTime\QTTask.exe" -atboottime
No HKLM:Run PDVD9Serv "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
No HKLM:Run NBHGui C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
No HKLM:Run jusched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run UnlockerAssistant "C:\Program Files\Unlocker\UnlockerAssistant.exe"
No HKLM:Run vVX1000 C:\WINDOWS\vVX1000.exe
Yes Startup Common NETGEAR WNA1100 Smart Wizard.lnk C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
No Startup Common
No Startup Common What's my computer doing.lnk C:\PROGRA~1\WHAT'S~1\WHATSM~1.EXE /FromAutostart
Yes Startup User FAHControl.lnk C:\Program Files\FAHClient\FAHControl.exe
No Startup User crss.exe C:\Documents and Settings\phil\Start Menu\Programs\Startup\crss.exe
No Startup User Folding@home-gpu.lnk C:\Documents and Settings\phil\Application Data\Microsoft\Installer\{01DAE036-0879-4915-ADC7-4692A34D7899}\_67D573B2A1F87359317B74.exe


Services

Atheros Configuration Service > Running
AODService > Stopped
CyberLink Product - 2011/02/ > Stopped
Folding@Home CPU (1) > Running
InstallDriver Table Manager > Stopped
Windows CardSpace > Stopped
Imapi Helper > Stopped
Java Quick Starter > Running
JumpStart Wi-Fi Protected Setup > Stopped
Via Karaoke digital mixer service > Stopped
Kodak AIO Network Discovery > Running
LightscribeService Direct Disc > Stopped
McciCMService > Running
MPICH2 Process manager > Stopped
MSCamSVC > Running
Microsoft Antimalware Service > Running
NVIDIA Driver Helper Service > Stopped
NVIDIA Update Service Daemon > Stopped
CyberLink RichVideo Service (CRVS) > Stopped
Updater Service for StartNow Toolbar > Running
WSWNA1100 > Running


Minitoolbox


MiniToolBox by Farbar
Ran by phil (administrator) on 04-01-2012 at 18:18:06
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


=========================== Installed Programs ============================


µTorrent (Version: 2.0.3)
Ace Translator (Version: 4.1)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
aioscnnr (Version: 7.0.5.10)
All Free Video Joiner 4.1.6
AMD OverDrive (Version: 3.2.3.0457)
AMD Processor Driver (Version: 1.3.2.0053)
Apple Application Support (Version: 2.1.5)
Application Verifier (Version: 4.1.1078)
ASUSUpdate
AusLogics BoostSpeed (Version: version 4.1)
Avidemux 2.5 (32-bit) (Version: 2.5.4.7200)
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BulletProof FTP Server (remove only)
C4USelfUpdater (Version: 1.00.0000)
CCleaner (Version: 2.35)
center (Version: 6.2.5.0)
Complitly
ConvertXtoDVD 4.1.0.333 (Version: 4.1.0.333)
CPUID HWMonitor 1.17
CuteFTP 7 Home (Version: 7.10.0000)
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink LabelPrint (Version: 2.5.1916)
CyberLink LG Burning Tool (Version: 6.2.3714)
CyberLink MediaShow (Version: 4.1.3402)
CyberLink PowerDVD 9 (Version: 9.0.2919.52)
CyberLink PowerProducer (Version: 5.0.1.1520)
CyberLink YouCam (Version: 1.0.2609)
Danger from the Deep 0.3.0.0 (Version: 0.3.0.0)
Debugging Tools for Windows (x86) (Version: 6.12.2.633)
DH Driver Cleaner Professional Edition (Version: Version 1.5)
Driver Reviver (Version: 3.1.648.6846)
essentials (Version: 6.0.14.0)
EVEREST Ultimate Edition v5.50 (Version: 5.50)
EVGA Precision 1.9.5 (Version: 1.9.5)
FAHClient (Version: 7.1.33)
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
Forum Proxy Leecher 1.10
Foxit Reader (Version: 4.1.1.805)
Free File Viewer 2011
Free Hide Folder
Haali Media Splitter
Hoyle Casino 6
Hoyle Mahjong Tiles
ImgBurn (Version: 2.5.5.0)
iSkysoft DVD Audio Ripper(Build 2.1.0.13)
iSkysoft DVD Ripper(Build 2.2.0.0)
iSkysoft DVD Studio Pack(Build 2.2.0.0)
iSkysoft Video Converter(Build 2.2.0.0)
ISO Recorder (Version: 2.0.0)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
Kodak AIO Printer (Version: 7.0.3.0)
KODAK AiO Software (Version: 7.1.6.30)
LBreakout2 2.4.1
LibreOffice 3.3 Help Pack (English) (Version: 3.3.202)
LightScribe System Software (Version: 1.18.14.1)
MailWasher Pro
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft XML Parser (Version: 8.70.1104.04)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
neroxml (Version: 1.0.0)
NETGEAR WNA1100 N150 Wireless USB Adapter (Version: 1.0.0.133)
NirSoft BlueScreenView
NirSoft ProduKey
NirSoft Wireless Network Watcher
No-IP DUC (Version: 3.0.4)
NVIDIA Control Panel 280.26 (Version: 280.26)
NVIDIA Graphics Driver 280.26 (Version: 280.26)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA nView 135.94 (Version: 135.94)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Update 1.4.28 (Version: 1.4.28)
NVIDIA Update Components (Version: 1.4.28)
ocr (Version: 6.2.3.50)
Opera 10.63 (Version: 10.63)
Paint.NET v3.5.8 (Version: 3.58.0)
Pale Moon (3.6.18) (Version: 3.6.18 (en-US))
PC Probe II (Version: 1.04.80)
Platform (Version: 1.32)
PreReq (Version: 6.2.2.60)
Pretty Good Solitaire version 9.1.0 (Version: 9.1.0)
Proxy Checker 7.4 (build 18)
Proxy Finder Enterprise Edition
ProxyChecker (remove only)
QuickTime (Version: 7.66.71.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.19.0000)
Revo Uninstaller 1.89 (Version: 1.89)
SAMSUNG Intelli-studio
SeaTools for Windows (Version: 1.2.0.2)
Security Task Manager 1.8d (Version: 1.8d)
Sky Fight
Sothink HD Movie Maker (Version: 1.2)
StartNow Toolbar (Version: 2.4.0)
Super Clicks (Version: 3.0)
System Explorer 3.5.3
Tipard Mod Converter 6.1.16
TonyVegasOCR (Version: 1.3.0000)
Total Video Converter 3.71 100812
Unlocker 1.9.0 (Version: 1.9.0)
VIA Platform Device Manager (Version: 1.32)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 0.9.9 (Version: 0.9.9)
VSO CopyToDVD 4 (Version: 4.3.1.12c)
WebFldrs XP (Version: 9.50.7523)
WhoCrashed 3.03
Winamp (Version: 5.623 )
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Wings of Honor - Battles of the Red Baron Arcade (remove only)
WinRAR archiver
WinX HD Video Converter Deluxe 3.12.1
Xilisoft Blu-ray Creator 2 (Version: 2.0.3.1101)
Xilisoft Download YouTube Video (Version: 2.0.25.1210)

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 3327.04 MB
Available physical RAM: 2581.16 MB
Total Pagefile: 5211.23 MB
Available Pagefile: 4597.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.86 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:63.47 GB) (Free:38.71 GB) NTFS
3 Drive e: (stuff) (Fixed) (Total:195.25 GB) (Free:181.83 GB) NTFS
4 Drive f: (hold) (Fixed) (Total:196.22 GB) (Free:196.13 GB) NTFS
5 Drive g: (things) (Fixed) (Total:242.19 GB) (Free:223.84 GB) NTFS
6 Drive h: (****) (Fixed) (Total:234.38 GB) (Free:224.73 GB) NTFS
7 Drive r: () (Fixed) (Total:372.61 GB) (Free:364.43 GB) NTFS

========================= Users: ========================================

User accounts for \\ME

Administrator Guest HelpAssistant
phil SUPPORT_388945a0 UpdatusUser


**** End of log ****
Phantom010
Trusted Advisor with 32,317 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
04-Jan-2012, 08:56 PM #4
There is evidence of a malware infestation in there.


1- Please click HERE to download HijackThis.

2- Run the program.

3- Click on the Main Menu button if not already there.

4- Select Do a system scan and save a logfile.

5- Copy and paste the scan log from Notepad into your next reply.

6- Do not "Fix" anything unless advised to do so.
__________________

• Please read instructions and questions carefully, and reply in a timely manner... Thank you.

• Why don't you just Google it?
• If your problem is solved, please click on the Mark Solved button.

Last edited by Phantom010; 04-Jan-2012 at 09:02 PM..
dickster
Member with 422 posts.
THREAD STARTER
 
Join Date: Dec 2001
04-Jan-2012, 09:06 PM #5
HJT log as requested.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:03:55 PM, on 1/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\f\fah.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\f\FahCore_a4.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\WINDOWS\system32\Windupdt\winupdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\phil\Application Data\Complitly\Complitly.dll
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [EKAiO2StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [winupdater] C:\WINDOWS\system32\Windupdt\winupdate.exe
O4 - Startup: FAHControl.lnk = C:\Program Files\FAHClient\FAHControl.exe
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: CyberLink Product - 2011/02/22 20:50:56 (CLKMSVC10_E92D8507) - CyberLink - C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\f\fah.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\fah\smpd.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

--
End of file - 7370 bytes
Phantom010
Trusted Advisor with 32,317 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
04-Jan-2012, 09:07 PM #6
Your computer is definitely infected. Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.
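
A sketch of the autorun triage an analyst performs on logs like the ones posted above, added here as an example and not part of any post in this thread. The sample lines are copied from the CCleaner and HijackThis logs in the thread (the F2 line is abridged); the three heuristics, the list of core process names and the allowlist of system32 subfolders are assumptions chosen for illustration, and a hit marks an entry for closer review.

```python
import ntpath
import re

# Lines copied from the logs posted in this thread (F2 line abridged to one extra entry).
SAMPLE_LOG = r'''
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe
O4 - HKLM\..\Run: [EKAiO2StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [winupdater] C:\WINDOWS\system32\Windupdt\winupdate.exe
O4 - Startup: FAHControl.lnk = C:\Program Files\FAHClient\FAHControl.exe
No Startup User crss.exe C:\Documents and Settings\phil\Start Menu\Programs\Startup\crss.exe
'''

# Assumption: a short list of core Windows process names that lookalikes tend to imitate.
CORE_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
              "services.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}
# Assumption: illustrative allowlist of system32 subfolders that normally hold executables.
SYSTEM32_SUBDIRS = {"spool", "wbem", "drivers", "dllcache"}

# A drive letter or %VAR% prefix, then anything up to the first ".exe".
EXE_PATH = re.compile(r'(?:[a-z]:|%\w+%)\\[^"<>|,*?\r\n]*?\.exe', re.I)


def normalise(path):
    """Lower-case the path and expand the two environment variables seen in the logs."""
    p = path.lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, r"c:\windows")
    return p


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path):
    """Return the location/name heuristics that a single executable path trips."""
    reasons = []
    p = normalise(path)
    name = ntpath.basename(p)
    # Heuristic 1: file name one edit away from a core process name (e.g. a dropped letter).
    if name not in CORE_NAMES and any(edit_distance(name, c) == 1 for c in CORE_NAMES):
        reasons.append("name imitates a core Windows process")
    # Heuristic 2: executable inside a system32 subfolder that is not on the allowlist.
    marker = "\\system32\\"
    if marker in p:
        rest = p.split(marker, 1)[1]
        if "\\" in rest and rest.split("\\", 1)[0] not in SYSTEM32_SUBDIRS:
            reasons.append("executable in an unexpected system32 subfolder")
    return reasons


def triage(log_text):
    """Map each flagged executable path to the sorted list of reasons it was flagged."""
    findings = {}
    for line in log_text.splitlines():
        is_userinit = "userinit=" in line.lower()
        for raw in EXE_PATH.findall(line):
            p = normalise(raw)
            reasons = check_path(p)
            # Heuristic 3: the Winlogon UserInit value normally lists userinit.exe only.
            if is_userinit and ntpath.basename(p) != "userinit.exe":
                reasons.append("extra program chained onto the Winlogon UserInit value")
            if reasons:
                findings.setdefault(p, set()).update(reasons)
    return {p: sorted(r) for p, r in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```
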
dickster
Member with 422 posts.
THREAD STARTER
 
Join Date: Dec 2001
04-Jan-2012, 10:00 PM #7
Doesn't seem like it's going to be moved, so I guess I'll start a new thread and link this one.
Phantom010
Trusted Advisor with 32,317 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
04-Jan-2012, 10:02 PM #8
Don't worry, it'll be moved.
dvk01 (Derek) - dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,583 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Jan-2012, 04:29 AM #9
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it, rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
dickster
Member with 422 posts.
THREAD STARTER
 
Join Date: Dec 2001
05-Jan-2012, 10:58 AM #10
My ComboFix log.

ComboFix 12-01-05.01 - phil 01/05/2012 8:44.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2864 [GMT -6:00]
Running from: c:\documents and settings\phil\Desktop\username123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Trend Micro Titanium *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\phil\Application Data\chrtmp
c:\documents and settings\phil\Application Data\inst.exe
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\documents and settings\phil\Application Data\vso_ts_preview.xml
c:\documents and settings\phil\Start Menu\Internet Explorer.lnk
c:\program files\Internet Explorer\1.tmp
c:\program files\Internet Explorer\3.tmp
c:\program files\Internet Explorer\4.tmp
c:\program files\Internet Explorer\4E.tmp
c:\program files\Internet Explorer\5.tmp
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\$NtUninstallKB52986$
c:\windows\$NtUninstallKB52986$\2056151434
c:\windows\system32\Install.bat
c:\windows\system32\readme.rtf
c:\windows\system32\Windupdt
c:\windows\system32\Windupdt\winupdate.exe
G:\setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.serial
-------\Service_Security
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 14:50 . 2012-01-05 14:50 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB6F3F6F-BAC2-4C0B-A112-19FAF484C584}\offreg.dll
2012-01-04 23:08 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB6F3F6F-BAC2-4C0B-A112-19FAF484C584}\mpengine.dll
2012-01-03 16:55 . 2012-01-03 16:55 -------- d-----w- c:\documents and settings\phil\Application Data\Digiarty
2012-01-03 16:55 . 2012-01-03 16:55 -------- d-----w- c:\program files\Digiarty
2011-12-28 14:12 . 2007-08-21 19:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2011-12-28 14:11 . 2011-12-28 14:11 -------- d-----w- c:\program files\FoxTabPDFConverter
2011-12-20 22:30 . 2011-12-20 22:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Temp
2011-12-15 02:50 . 2011-12-15 02:50 -------- d-----w- c:\program files\Appnimi
2011-12-09 17:23 . 2011-12-09 17:23 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-12-07 02:33 . 2008-04-13 20:15 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-12-07 02:33 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-06 22:15 . 2011-12-06 22:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 13:30 . 2011-08-13 22:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 10:47 . 2011-09-25 05:29 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-01 20:35 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2010-07-31 01:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-09 15:16 . 2011-05-25 05:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"EKAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-09-02 2717696]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
.
c:\documents and settings\phil\Start Menu\Programs\Startup\
FAHControl.lnk - c:\program files\FAHClient\FAHControl.exe [2011-9-19 1525760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2011-8-13 4545024]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^What's my computer doing.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\What's my computer doing.lnk
backup=c:\windows\pss\What's my computer doing.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^phil^Start Menu^Programs^Startup^crss.exe]
path=c:\documents and settings\phil\Start Menu\Programs\Startup\crss.exe
backup=c:\windows\pss\crss.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^phil^Start Menu^Programs^Startup^Folding@home-gpu.lnk]
path=c:\documents and settings\phil\Start Menu\Programs\Startup\Folding@home-gpu.lnk
backup=c:\windows\pss\Folding@home-gpu.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2008-12-11 18:45 114688 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-05-14 05:02 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-12-15 19:47 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverReviver]
2011-04-23 21:20 2861376 ----a-w- c:\program files\Reviversoft\Driver Reviver\DriverReviver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKAIO2StatusMonitor]
2011-09-02 18:29 2717696 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVGAPrecision]
2010-07-09 23:30 302184 ----a-w- c:\program files\EVGA Precision\EVGAPrecision.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-02-17 06:11 33595392 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 20:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-04-22 19:10 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-07-05 15:08 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 20:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 20:27 762736 ----a-w- c:\windows\vVX1000.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mpiexec.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"g:\\Charon\\Charon.exe"=
"c:\\Program Files\\Proxy Checker\\PCv7.exe"=
"g:\\Charon\\Stan.exe"=
"g:\\Hell_Labs_Proxy_Checker_Personal_v7.4\\PCv7.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53168:TCP"= 53168:TCP:Mezzmo Media Server Service
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/31/2010 11:58 AM 11448]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/18/2011 3:42 AM 21992]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [9/5/2011 5:00 PM 393648]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [3/5/2011 12:58 PM 66944]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [8/13/2011 2:04 PM 266240]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [8/13/2011 2:04 PM 1759584]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [8/13/2011 2:04 PM 57440]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/24/2011 11:29 PM 47360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [1/18/2011 4:16 PM 197224]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/30/2010 8:22 PM 2795376]
S0 MFX;MFX; [x]
S1 MpKsl0d23ec04;MpKsl0d23ec04;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EE7DB07-126C-4D3A-9391-9CDC9FEF18F9}\MpKsl0d23ec04.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EE7DB07-126C-4D3A-9391-9CDC9FEF18F9}\MpKsl0d23ec04.sys [?]
S1 MpKsl10688ebe;MpKsl10688ebe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25F3EB5C-FA1B-4333-A905-84752256C2E4}\MpKsl10688ebe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25F3EB5C-FA1B-4333-A905-84752256C2E4}\MpKsl10688ebe.sys [?]
S1 MpKsl13267518;MpKsl13267518;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl13267518.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl13267518.sys [?]
S1 MpKsl144bd9b7;MpKsl144bd9b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F703DAAB-998B-4DB3-BF04-FC9DD66E2641}\MpKsl144bd9b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F703DAAB-998B-4DB3-BF04-FC9DD66E2641}\MpKsl144bd9b7.sys [?]
S1 MpKsl14f7e58d;MpKsl14f7e58d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl14f7e58d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl14f7e58d.sys [?]
S1 MpKsl1e992d58;MpKsl1e992d58;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25CCA49D-E54B-4302-B6F6-A01564A36095}\MpKsl1e992d58.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25CCA49D-E54B-4302-B6F6-A01564A36095}\MpKsl1e992d58.sys [?]
S1 MpKsl257d2dc6;MpKsl257d2dc6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl257d2dc6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl257d2dc6.sys [?]
S1 MpKsl27638bfb;MpKsl27638bfb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0EB1E4D-D36C-4D56-8D8D-9D2B4EF007FC}\MpKsl27638bfb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0EB1E4D-D36C-4D56-8D8D-9D2B4EF007FC}\MpKsl27638bfb.sys [?]
S1 MpKsl27be0f9e;MpKsl27be0f9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16AB18C3-5C12-4137-8C92-E74F52053E08}\MpKsl27be0f9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16AB18C3-5C12-4137-8C92-E74F52053E08}\MpKsl27be0f9e.sys [?]
S1 MpKsl2c95663c;MpKsl2c95663c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl2c95663c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl2c95663c.sys [?]
S1 MpKsl2e6d605e;MpKsl2e6d605e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE94C6DF-3123-4162-8D0F-564C30D79095}\MpKsl2e6d605e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE94C6DF-3123-4162-8D0F-564C30D79095}\MpKsl2e6d605e.sys [?]
S1 MpKsl369f2ad9;MpKsl369f2ad9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{581EB0B1-4971-46D1-956D-34D51B2941FB}\MpKsl369f2ad9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{581EB0B1-4971-46D1-956D-34D51B2941FB}\MpKsl369f2ad9.sys [?]
S1 MpKsl39c3bc85;MpKsl39c3bc85;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{944F6D0C-32C0-49C6-B07A-8F4705E970CB}\MpKsl39c3bc85.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{944F6D0C-32C0-49C6-B07A-8F4705E970CB}\MpKsl39c3bc85.sys [?]
S1 MpKsl3c9174da;MpKsl3c9174da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F563A42-6AB2-4EAC-9B24-201FD72D72CA}\MpKsl3c9174da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F563A42-6AB2-4EAC-9B24-201FD72D72CA}\MpKsl3c9174da.sys [?]
S1 MpKsl42e43fec;MpKsl42e43fec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsl42e43fec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsl42e43fec.sys [?]
S1 MpKsl50c64407;MpKsl50c64407;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKsl50c64407.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKsl50c64407.sys [?]
S1 MpKsl55314462;MpKsl55314462;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEAC91C1-2593-4115-B0C6-1C935EFF1F76}\MpKsl55314462.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEAC91C1-2593-4115-B0C6-1C935EFF1F76}\MpKsl55314462.sys [?]
S1 MpKsl562e0fac;MpKsl562e0fac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80C68568-8976-4888-B1BD-6B3102027730}\MpKsl562e0fac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80C68568-8976-4888-B1BD-6B3102027730}\MpKsl562e0fac.sys [?]
S1 MpKsl5baebe85;MpKsl5baebe85;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAAFC3A3-E03C-49C0-985B-A7DB14793CAB}\MpKsl5baebe85.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAAFC3A3-E03C-49C0-985B-A7DB14793CAB}\MpKsl5baebe85.sys [?]
S1 MpKsl5cf0a0da;MpKsl5cf0a0da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKsl5cf0a0da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKsl5cf0a0da.sys [?]
S1 MpKsl5e95e964;MpKsl5e95e964;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsl5e95e964.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsl5e95e964.sys [?]
S1 MpKsl638d1573;MpKsl638d1573;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAAFC3A3-E03C-49C0-985B-A7DB14793CAB}\MpKsl638d1573.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EAAFC3A3-E03C-49C0-985B-A7DB14793CAB}\MpKsl638d1573.sys [?]
S1 MpKsl63930735;MpKsl63930735;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33AA4663-F20F-49E2-AC7E-F456F38DB019}\MpKsl63930735.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{33AA4663-F20F-49E2-AC7E-F456F38DB019}\MpKsl63930735.sys [?]
S1 MpKsl642d8b91;MpKsl642d8b91;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B4583AD-CB48-4776-BAE4-F5DB2073F420}\MpKsl642d8b91.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B4583AD-CB48-4776-BAE4-F5DB2073F420}\MpKsl642d8b91.sys [?]
S1 MpKsl77bb575b;MpKsl77bb575b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{488E411E-040E-43EC-90BF-FE2896E9F8E1}\MpKsl77bb575b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{488E411E-040E-43EC-90BF-FE2896E9F8E1}\MpKsl77bb575b.sys [?]
S1 MpKsl82c9598d;MpKsl82c9598d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{478C8EDA-478D-4FEC-90C5-3F6A45BE6048}\MpKsl82c9598d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{478C8EDA-478D-4FEC-90C5-3F6A45BE6048}\MpKsl82c9598d.sys [?]
S1 MpKsl857f569c;MpKsl857f569c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{396C7229-ED18-434C-97DC-3F7E39A59147}\MpKsl857f569c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{396C7229-ED18-434C-97DC-3F7E39A59147}\MpKsl857f569c.sys [?]
S1 MpKsl8d27f993;MpKsl8d27f993;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DF09798-4E41-465A-BE8E-1824EB3CB1B0}\MpKsl8d27f993.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DF09798-4E41-465A-BE8E-1824EB3CB1B0}\MpKsl8d27f993.sys [?]
S1 MpKsl952a1a57;MpKsl952a1a57;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKsl952a1a57.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKsl952a1a57.sys [?]
S1 MpKsl9585d789;MpKsl9585d789;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF8736E-D019-4F71-96AD-77F17F9A48A2}\MpKsl9585d789.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF8736E-D019-4F71-96AD-77F17F9A48A2}\MpKsl9585d789.sys [?]
S1 MpKsl9bb7cba9;MpKsl9bb7cba9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A926881-D612-4F5D-AABC-D98ED70C0AD8}\MpKsl9bb7cba9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A926881-D612-4F5D-AABC-D98ED70C0AD8}\MpKsl9bb7cba9.sys [?]
S1 MpKsla61bf5df;MpKsla61bf5df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE94C6DF-3123-4162-8D0F-564C30D79095}\MpKsla61bf5df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE94C6DF-3123-4162-8D0F-564C30D79095}\MpKsla61bf5df.sys [?]
S1 MpKslabcf7ffa;MpKslabcf7ffa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88464706-1DDC-41F6-B9CF-B5AA4A1362AB}\MpKslabcf7ffa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{88464706-1DDC-41F6-B9CF-B5AA4A1362AB}\MpKslabcf7ffa.sys [?]
S1 MpKslb6b30463;MpKslb6b30463;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B6D0B4C-5B74-4491-85BA-160002C95EBF}\MpKslb6b30463.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B6D0B4C-5B74-4491-85BA-160002C95EBF}\MpKslb6b30463.sys [?]
S1 MpKslc175250c;MpKslc175250c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKslc175250c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6D262C79-C16C-414C-AD4B-A4D72350BBC7}\MpKslc175250c.sys [?]
S1 MpKslc3be77d6;MpKslc3be77d6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B713FBA9-593B-4016-A26E-01493C556FF4}\MpKslc3be77d6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B713FBA9-593B-4016-A26E-01493C556FF4}\MpKslc3be77d6.sys [?]
S1 MpKslc4a61efd;MpKslc4a61efd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9D972A-AE28-416B-A2EE-FA941C4DFAFF}\MpKslc4a61efd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9D972A-AE28-416B-A2EE-FA941C4DFAFF}\MpKslc4a61efd.sys [?]
S1 MpKsldba7611b;MpKsldba7611b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5040BC33-A367-421F-83AB-8DC6AD863804}\MpKsldba7611b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5040BC33-A367-421F-83AB-8DC6AD863804}\MpKsldba7611b.sys [?]
S1 MpKsle3fcd2e6;MpKsle3fcd2e6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9D972A-AE28-416B-A2EE-FA941C4DFAFF}\MpKsle3fcd2e6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB9D972A-AE28-416B-A2EE-FA941C4DFAFF}\MpKsle3fcd2e6.sys [?]
S1 MpKsle49bf007;MpKsle49bf007;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsle49bf007.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsle49bf007.sys [?]
S1 MpKsle4a7df5a;MpKsle4a7df5a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B23901FE-76CA-401B-84B1-ED7CDA99DB40}\MpKsle4a7df5a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B23901FE-76CA-401B-84B1-ED7CDA99DB40}\MpKsle4a7df5a.sys [?]
S1 MpKsleb23c930;MpKsleb23c930;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEAC91C1-2593-4115-B0C6-1C935EFF1F76}\MpKsleb23c930.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEAC91C1-2593-4115-B0C6-1C935EFF1F76}\MpKsleb23c930.sys [?]
S1 MpKslecbecd03;MpKslecbecd03;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFFE5EF4-FB94-4F87-97F8-CD9CC740545E}\MpKslecbecd03.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AFFE5EF4-FB94-4F87-97F8-CD9CC740545E}\MpKslecbecd03.sys [?]
S1 MpKslf70a29d6;MpKslf70a29d6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73934E14-757E-4412-BED2-A9087CDC1723}\MpKslf70a29d6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73934E14-757E-4412-BED2-A9087CDC1723}\MpKslf70a29d6.sys [?]
S1 MpKslfb6ec777;MpKslfb6ec777;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3878C06E-8DAF-46F6-ADAA-8314C17BDA40}\MpKslfb6ec777.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3878C06E-8DAF-46F6-ADAA-8314C17BDA40}\MpKslfb6ec777.sys [?]
S1 MpKslfd73c179;MpKslfd73c179;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEAC91C1-2593-4115-B0C6-1C935EFF1F76}\MpKslfd73c179.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEAC91C1-2593-4115-B0C6-1C935EFF1F76}\MpKslfd73c179.sys [?]
S1 MpKslfddddcfd;MpKslfddddcfd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKslfddddcfd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKslfddddcfd.sys [?]
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\fah\smpd.exe --> c:\fah\smpd.exe [?]
S3 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [7/1/2010 3:45 AM 136616]
S3 CLKMSVC10_E92D8507;CyberLink Product - 2011/02/22 20:50;c:\program files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [5/14/2010 2:02 PM 246256]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [8/13/2011 2:04 PM 360529]
S3 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2/17/2011 9:50 PM 88688]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B5.tmp --> c:\windows\system32\1B5.tmp [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/30/2011 1:41 PM 2255464]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8/6/2010 11:52 AM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8/6/2010 11:52 AM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8/6/2010 11:52 AM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8/6/2010 11:52 AM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8/6/2010 11:52 AM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8/6/2010 11:52 AM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8/6/2010 11:52 AM 109864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 19:09 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-25 22:35]
.
2012-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel -
Trusted Zone: $TALISMA_URL$
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\
FF - prefs.js: browser.startup.homepage - hxxp://forums.pcpitstop.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111228&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
MSConfigStartUp-DriverUpdaterPro - g:\driverupdaterpro2.2.8.0\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero8\InCD\InCD.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero8\InCD\NBHGui.exe
MSConfigStartUp-winupdater - c:\windows\system32\Windupdt\winupdate.exe
AddRemove-Hoyle Casino 6 - c:\sierra\Hoyle Casino 6\Uninst.isu
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 08:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1B5.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2844)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\acs.exe
c:\f\fah.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\f\FahCore_a4.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-01-05 08:53:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 14:53
.
Pre-Run: 43,578,179,584 bytes free
Post-Run: 43,463,557,120 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - FBA52CB5E6164F4CB5BFA2C50DC5542B


I will not know if this has corrected the problem for a few days. The freezes were random.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,583 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Jan-2012, 02:01 PM #11
That removed a lot of malware
you were infected by having out of date & vulnerable software
IE6 is dangerous & you should go to http://windows.microsoft.com/en-US/i...oducts/ie/home

& update to IE8 immediately
It doesn't matter if you never use IE, just having it installed is enough, because it is so deeply embedded in the operating system
dickster dickster is offline
Member with 422 posts.
THREAD STARTER
 
Join Date: Dec 2001
05-Jan-2012, 02:45 PM #12
IE is now updated to 8. As you noted, I almost never use it. I usually use Firefox or Pale Moon browsers.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,583 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Jan-2012, 03:03 PM #13
let us know how it gets on over the next day or so
then we can finish off or investigate further if there are still problems
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,583 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
05-Jan-2012, 03:07 PM #14
looking back over the log, there just might be a TDSS or other mbr rootkit
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it finds (except SPTD.SYS, which should be ignored) & then reboot

post back with its log
dickster dickster is offline
Member with 422 posts.
THREAD STARTER
 
Join Date: Dec 2001
05-Jan-2012, 03:31 PM #15
No threats found, and no log was generated.