
Total freezes

Discussion in 'Virus & Other Malware Removal' started by dickster, Jan 4, 2012.

Thread Status:
Not open for further replies.
  1. dickster

    dickster Thread Starter

    Joined:
    Dec 13, 2001
    Messages:
    423
    My PC has periodic freezes that I can't find the cause of. Not sure if it's Windows, software, or hardware causing it. It can happen while surfing or just working in one of my partitions. Error reporting shows nothing for the time span this happens in. Malwarebytes, Superantispyware and Windows Essentials find nothing in scans. Hardware Monitor shows a steady 50c running Folding@Home at 100%. GPU at 65c doing the same. I have a crash dump reporting tool that shows nothing at the time these freezes happen. I'm stumped and it's p*ssing me off!

    Any help is appreciated.

    Asus M3A76-CM
    AMD Phenom 9850 Quad core
    2x2048 Kingston HyperX pc-6400
    EVGA GTS250
    Antec 650 Earthwatts PSU
    CPU and GPU watercooled
     
  2. user22

    user22 Banned

    Joined:
    Dec 10, 2011
    Messages:
    197
    Would you please tell me which antivirus applications you have previously had on this machine, any and all? The reason I ask is because some like to hang around after you uninstall via Add/Remove Programs and require the use of removal tools.




    What kind of computer do you have exactly? Example: Compaq Presario C700


    Download CCLEANER


    Just DON'T use the registry cleaner function of CCleaner unless you know what you are deleting exactly!!

    Then open CCleaner, hit the Tools button, then Startup (second one down, below Uninstall), then in the bottom right-hand corner of CCleaner hit Save to text file. Save it to your desktop and post the startup.txt here in your next reply.


    Hit the Start button in the lower left-hand corner. Then in the Run box type msconfig, then hit the Services tab, then put a check mark in Hide Microsoft services. What is listed there after hiding Microsoft services? Please post back to us in a vertical list.

    Please download MINITOOLBOX. When the box opens, click Save File, save it to the desktop and run it.





    Checkmark the following boxes:


    Flush Dns
    List Installed Programs
    List Users, Partitions and Memory size
    Click Go and post the result.

    Run sfc /scannow; also run chkdsk /r. Links explaining below.




    chkdsk /r

    sfc /scannow

    IF THIS IS A DESKTOP: Unplug the tower and open up the side. Get a can of compressed air and blow out the machine and reseat the RAM modules, video card etc. (see video). Plug it back in and see how it goes. WHILE YOU HAVE THE RAM AND VIDEO CARD OUT, BLOW OUT THE SLOTS THAT THEY PLUG INTO. ALSO BLOW OUT THE HEAT SINK. SEE VIDEO

    http://www.youtube.com/watch?v=DLxNPBQBfT8&feature=player_embedded


    PLEASE READ CAREFULLY AND POST ALL INFORMATION REQUESTED!! :)

    I want to make one thing very clear: DO NOT use the registry cleaner function of CCleaner!!
     
  3. dickster

    dickster Thread Starter

    Joined:
    Dec 13, 2001
    Messages:
    423
    Did have Panda Anti-virus on here before, but now Windows Essentials. Ran CCleaner last night to get rid of junk. And I use Auslogics registry cleaner and defragger weekly. And I strip down and blow out each of my 4 PCs once a month. I live in a dusty part of Texas, so I do maintenance more often than most. And no heatsink to blow out since I water cool. Computer is home built. All of mine are.

    Here are the logs you requested.

    Startup

    Yes HKCU:Run winupdater C:\WINDOWS\system32\Windupdt\winupdate.exe
    No HKCU:Run DriverUpdaterPro G:\DriverUpdaterPro2.2.8.0\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
    No HKCU:Run FlashPlayerUpdate
    No HKCU:Run NMIndexStoreSvr "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    No HKCU:Run LightScribeControlPanel C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    No HKCU:Run proxyway
    No HKCU:Run SEPCSuite
    Yes HKLM:Run UpdateLBPShortCut "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    Yes HKLM:Run MDS_Menu "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    Yes HKLM:Run UpdateP2GoShortCut "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    Yes HKLM:Run UpdatePPShortCut "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    Yes HKLM:Run UCam_Menu "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    Yes HKLM:Run UpdatePSTShortCut "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    Yes HKLM:Run EKAiO2StatusMonitor C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
    Yes HKLM:Run Conime %windir%\system32\conime.exe
    No HKLM:Run APSDaemon "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    No HKLM:Run UpdateChecker C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
    No HKLM:Run brs C:\Program Files\Cyberlink\Shared files\brs.exe
    No HKLM:Run CLMLSvc "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
    No HKLM:Run conime %windir%\system32\conime.exe
    No HKLM:Run DriverReviver "C:\Program Files\Reviversoft\Driver Reviver\DriverReviver.exe" /autorun
    No HKLM:Run EKAiO2MUI C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
    No HKLM:Run EVGAPrecision "C:\Program Files\EVGA Precision\EVGAPrecision.exe" /s
    No HKLM:Run HDeck C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
    No HKLM:Run HotSync
    No HKLM:Run InCD C:\Program Files\Nero\Nero8\InCD\InCD.exe
    No HKLM:Run dumprep 0 -k %systemroot%\system32\dumprep 0 -k
    No HKLM:Run fwupdate "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    No HKLM:Run LifeExp "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    No HKLM:Run ICQNet
    No HKLM:Run msseces "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    No HKLM:Run NeroCheck C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    No HKLM:Run NvCpl RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    No HKLM:Run RunDLL32 RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    No HKLM:Run nwiz C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    No HKLM:Run QTTask "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    No HKLM:Run PDVD9Serv "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    No HKLM:Run NBHGui C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    No HKLM:Run jusched "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    No HKLM:Run UnlockerAssistant "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    No HKLM:Run vVX1000 C:\WINDOWS\vVX1000.exe
    Yes Startup Common NETGEAR WNA1100 Smart Wizard.lnk C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    No Startup Common
    No Startup Common What's my computer doing.lnk C:\PROGRA~1\WHAT'S~1\WHATSM~1.EXE /FromAutostart
    Yes Startup User FAHControl.lnk C:\Program Files\FAHClient\FAHControl.exe
    No Startup User crss.exe C:\Documents and Settings\phil\Start Menu\Programs\Startup\crss.exe
    No Startup User [email protected] C:\Documents and Settings\phil\Application Data\Microsoft\Installer\{01DAE036-0879-4915-ADC7-4692A34D7899}\_67D573B2A1F87359317B74.exe


    Services

    Atheros Configuration Service > Running
    AODService > Stopped
    CyberLink Product - 2011/02/ > Stopped
    Folding@Home CPU (1) > Running
    InstallDriver Table Manager > Stopped
    Windows CardSpace > Stopped
    Imapi Helper > Stopped
    Java Quick Starter > Running
    JumpStart Wi-Fi Protected Setup > Stopped
    Via Karaoke digital mixer service > Stopped
    Kodak AIO Network Discovery > Running
    LightscribeService Direct Disc > Stopped
    McciCMService > Running
    MPICH2 Process manager > Stopped
    MSCamSVC > Running
    Microsoft Antimalware Service > Running
    NVIDIA Driver Helper Service > Stopped
    NVIDIA Update Service Daemon > Stopped
    CyberLink RichVideo Service (CRVS) > Stopped
    Updater Service for StartNow Toolbar > Running
    WSWNA1100 > Running


    Minitoolbox


    MiniToolBox by Farbar
    Ran by phil (administrator) on 04-01-2012 at 18:18:06
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================


    Windows IP Configuration



    Successfully flushed the DNS Resolver Cache.


    =========================== Installed Programs ============================


    µTorrent (Version: 2.0.3)
    Ace Translator (Version: 4.1)
    Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
    Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
    aioscnnr (Version: 7.0.5.10)
    All Free Video Joiner 4.1.6
    AMD OverDrive (Version: 3.2.3.0457)
    AMD Processor Driver (Version: 1.3.2.0053)
    Apple Application Support (Version: 2.1.5)
    Application Verifier (Version: 4.1.1078)
    ASUSUpdate
    AusLogics BoostSpeed (Version: version 4.1)
    Avidemux 2.5 (32-bit) (Version: 2.5.4.7200)
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    BulletProof FTP Server (remove only)
    C4USelfUpdater (Version: 1.00.0000)
    CCleaner (Version: 2.35)
    center (Version: 6.2.5.0)
    Complitly
    ConvertXtoDVD 4.1.0.333 (Version: 4.1.0.333)
    CPUID HWMonitor 1.17
    CuteFTP 7 Home (Version: 7.10.0000)
    CyberLink BD Advisor 2.0
    CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
    CyberLink LabelPrint (Version: 2.5.1916)
    CyberLink LG Burning Tool (Version: 6.2.3714)
    CyberLink MediaShow (Version: 4.1.3402)
    CyberLink PowerDVD 9 (Version: 9.0.2919.52)
    CyberLink PowerProducer (Version: 5.0.1.1520)
    CyberLink YouCam (Version: 1.0.2609)
    Danger from the Deep 0.3.0.0 (Version: 0.3.0.0)
    Debugging Tools for Windows (x86) (Version: 6.12.2.633)
    DH Driver Cleaner Professional Edition (Version: Version 1.5)
    Driver Reviver (Version: 3.1.648.6846)
    essentials (Version: 6.0.14.0)
    EVEREST Ultimate Edition v5.50 (Version: 5.50)
    EVGA Precision 1.9.5 (Version: 1.9.5)
    FAHClient (Version: 7.1.33)
    ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
    Forum Proxy Leecher 1.10
    Foxit Reader (Version: 4.1.1.805)
    Free File Viewer 2011
    Free Hide Folder
    Haali Media Splitter
    Hoyle Casino 6
    Hoyle Mahjong Tiles
    ImgBurn (Version: 2.5.5.0)
    iSkysoft DVD Audio Ripper(Build 2.1.0.13)
    iSkysoft DVD Ripper(Build 2.2.0.0)
    iSkysoft DVD Studio Pack(Build 2.2.0.0)
    iSkysoft Video Converter(Build 2.2.0.0)
    ISO Recorder (Version: 2.0.0)
    Java Auto Updater (Version: 2.0.6.1)
    Java(TM) 6 Update 29 (Version: 6.0.290)
    Kodak AIO Printer (Version: 7.0.3.0)
    KODAK AiO Software (Version: 7.1.6.30)
    LBreakout2 2.4.1
    LibreOffice 3.3 Help Pack (English) (Version: 3.3.202)
    LightScribe System Software (Version: 1.18.14.1)
    MailWasher Pro
    Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
    Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
    Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft Antimalware (Version: 3.0.8402.2)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Corporation (Version: 9.0.30729.1)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft LifeCam (Version: 3.22.270.0)
    Microsoft Security Client (Version: 2.1.1116.0)
    Microsoft Security Essentials (Version: 2.1.1116.0)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Microsoft Windows Performance Toolkit (Version: 4.8.0)
    Microsoft XML Parser (Version: 8.70.1104.04)
    Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    MSXML 6.0 Parser (Version: 6.10.1129.0)
    neroxml (Version: 1.0.0)
    NETGEAR WNA1100 N150 Wireless USB Adapter (Version: 1.0.0.133)
    NirSoft BlueScreenView
    NirSoft ProduKey
    NirSoft Wireless Network Watcher
    No-IP DUC (Version: 3.0.4)
    NVIDIA Control Panel 280.26 (Version: 280.26)
    NVIDIA Graphics Driver 280.26 (Version: 280.26)
    NVIDIA Install Application (Version: 2.1000.25.170)
    NVIDIA nView 135.94 (Version: 135.94)
    NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
    NVIDIA PhysX (Version: 9.10.0514)
    NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
    NVIDIA Update 1.4.28 (Version: 1.4.28)
    NVIDIA Update Components (Version: 1.4.28)
    ocr (Version: 6.2.3.50)
    Opera 10.63 (Version: 10.63)
    Paint.NET v3.5.8 (Version: 3.58.0)
    Pale Moon (3.6.18) (Version: 3.6.18 (en-US))
    PC Probe II (Version: 1.04.80)
    Platform (Version: 1.32)
    PreReq (Version: 6.2.2.60)
    Pretty Good Solitaire version 9.1.0 (Version: 9.1.0)
    Proxy Checker 7.4 (build 18)
    Proxy Finder Enterprise Edition
    ProxyChecker (remove only)
    QuickTime (Version: 7.66.71.0)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.19.0000)
    Revo Uninstaller 1.89 (Version: 1.89)
    SAMSUNG Intelli-studio
    SeaTools for Windows (Version: 1.2.0.2)
    Security Task Manager 1.8d (Version: 1.8d)
    Sky Fight
    Sothink HD Movie Maker (Version: 1.2)
    StartNow Toolbar (Version: 2.4.0)
    Super Clicks (Version: 3.0)
    System Explorer 3.5.3
    Tipard Mod Converter 6.1.16
    TonyVegasOCR (Version: 1.3.0000)
    Total Video Converter 3.71 100812
    Unlocker 1.9.0 (Version: 1.9.0)
    VIA Platform Device Manager (Version: 1.32)
    Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
    VLC media player 0.9.9 (Version: 0.9.9)
    VSO CopyToDVD 4 (Version: 4.3.1.12c)
    WebFldrs XP (Version: 9.50.7523)
    WhoCrashed 3.03
    Winamp (Version: 5.623 )
    Windows Media Format 11 runtime
    Windows XP Service Pack 3 (Version: 20080414.031525)
    Wings of Honor - Battles of the Red Baron Arcade (remove only)
    WinRAR archiver
    WinX HD Video Converter Deluxe 3.12.1
    Xilisoft Blu-ray Creator 2 (Version: 2.0.3.1101)
    Xilisoft Download YouTube Video (Version: 2.0.25.1210)

    ========================= Memory info: ===================================

    Percentage of memory in use: 22%
    Total physical RAM: 3327.04 MB
    Available physical RAM: 2581.16 MB
    Total Pagefile: 5211.23 MB
    Available Pagefile: 4597.57 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1984.86 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:63.47 GB) (Free:38.71 GB) NTFS
    3 Drive e: (stuff) (Fixed) (Total:195.25 GB) (Free:181.83 GB) NTFS
    4 Drive f: (hold) (Fixed) (Total:196.22 GB) (Free:196.13 GB) NTFS
    5 Drive g: (things) (Fixed) (Total:242.19 GB) (Free:223.84 GB) NTFS
    6 Drive h: (****) (Fixed) (Total:234.38 GB) (Free:224.73 GB) NTFS
    7 Drive r: () (Fixed) (Total:372.61 GB) (Free:364.43 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\ME

    Administrator Guest HelpAssistant
    phil SUPPORT_388945a0 UpdatusUser


    **** End of log ****
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,053
    There is evidence of a malware infestation in there.


    1- Please click HERE to download HijackThis.

    2- Run the program.

    3- Click on the Main Menu button if not already there.

    4- Select Do a system scan and save a logfile.

    5- Copy and paste the scan log from Notepad into your next reply.

    6- Do not "Fix" anything unless advised to do so.
     
  5. dickster

    dickster Thread Starter

    Joined:
    Dec 13, 2001
    Messages:
    423
    HJT log as requested.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:03:55 PM, on 1/4/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\f\fah.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\f\FahCore_a4.exe
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\WINDOWS\system32\Windupdt\winupdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    G:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe
    O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\phil\Application Data\Complitly\Complitly.dll
    O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [EKAiO2StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKCU\..\Run: [winupdater] C:\WINDOWS\system32\Windupdt\winupdate.exe
    O4 - Startup: FAHControl.lnk = C:\Program Files\FAHClient\FAHControl.exe
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
    O23 - Service: CyberLink Product - 2011/02/22 20:50:56 (CLKMSVC10_E92D8507) - CyberLink - C:\Program Files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
    O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\f\fah.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\fah\smpd.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

    --
    End of file - 7370 bytes
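
The F2 line in the HijackThis log above shows the Winlogon Userinit value listing a second executable after userinit.exe. As an added example (not part of any post in this thread, and not HijackThis's own code), this Python script parses such a log, flags every non-default Userinit entry, and cross-checks it against the running-process list and the O4 Run keys; the function names and the C:\WINDOWS install path are assumptions.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted above (excerpt, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Windupdt\winupdate.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe,C:\WINDOWS\system32\Windupdt\winupdate.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [winupdater] C:\WINDOWS\system32\Windupdt\winupdate.exe
O4 - Startup: FAHControl.lnk = C:\Program Files\FAHClient\FAHControl.exe
"""

# Assumption: Windows is installed in C:\WINDOWS, as in this log. A default
# install has exactly this one program in the Winlogon Userinit value.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

F2_RE = re.compile(r"F2 - REG:system\.ini: UserInit=(.*)$", re.I)
O4_RUN_RE = re.compile(r"O4 - (HK(?:LM|CU))\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def norm(path):
    """Normalize a path for comparison: trim, drop quotes, lowercase."""
    return path.strip().strip('"').lower()


def parse_log(text):
    """Return (running processes, Userinit entries, Run-key entries)."""
    processes, userinit, run_entries = set(), [], {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.add(norm(line))
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = F2_RE.match(line)
        if m:
            # Userinit is a comma-separated list; winlogon starts every entry.
            userinit = [norm(p) for p in m.group(1).split(",") if p.strip()]
            continue
        m = O4_RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            run_entries[(hive, name)] = command
    return processes, userinit, run_entries


def userinit_findings(text):
    """Flag every Userinit entry other than the default userinit.exe."""
    processes, userinit, run_entries = parse_log(text)
    extras = Counter(p for p in userinit if p != EXPECTED_USERINIT)
    findings = []
    for path, count in extras.items():
        findings.append({
            "path": path,
            "times_listed": count,
            "running": path in processes,
            "run_keys": sorted(
                f"{hive}\\Run [{name}]"
                for (hive, name), cmd in run_entries.items()
                if path in norm(cmd)
            ),
        })
    return findings


if __name__ == "__main__":
    for f in userinit_findings(SAMPLE_LOG):
        print(f"Non-default Userinit entry: {f['path']}")
        print(f"  listed {f['times_listed']}x, running={f['running']}, "
              f"also in: {', '.join(f['run_keys']) or 'no Run key'}")
```

An executable that appears in Userinit, in a Run key and in the process list at the same time has three independent footholds, so all of them have to be cleaned together.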
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,053
    Your computer is definitely infected. Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.
     
  7. dickster

    dickster Thread Starter

    Joined:
    Dec 13, 2001
    Messages:
    423
    Doesn't seem like it's going to be moved, so I guess I'll start a new thread and link this one.
     
  8. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,053
    Don't worry, it'll be moved.
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  10. dickster

    dickster Thread Starter

    Joined:
    Dec 13, 2001
    Messages:
    423
    My ComboFix log.

    ComboFix 12-01-05.01 - phil 01/05/2012 8:44.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2864 [GMT -6:00]
    Running from: c:\documents and settings\phil\Desktop\username123.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Trend Micro Titanium *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
    c:\documents and settings\phil\Application Data\chrtmp
    c:\documents and settings\phil\Application Data\inst.exe
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
    c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\documents and settings\phil\Application Data\vso_ts_preview.xml
    c:\documents and settings\phil\Start Menu\Internet Explorer.lnk
    c:\program files\Internet Explorer\1.tmp
    c:\program files\Internet Explorer\3.tmp
    c:\program files\Internet Explorer\4.tmp
    c:\program files\Internet Explorer\4E.tmp
    c:\program files\Internet Explorer\5.tmp
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\ReactivateFF.exe
    c:\program files\StartNow Toolbar\ReactivateIE.exe
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\Toolbar32.dll
    c:\program files\StartNow Toolbar\ToolbarBroker.exe
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\windows\$NtUninstallKB52986$
    c:\windows\$NtUninstallKB52986$\2056151434
    c:\windows\system32\Install.bat
    c:\windows\system32\readme.rtf
    c:\windows\system32\Windupdt
    c:\windows\system32\Windupdt\winupdate.exe
    G:\setup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_.serial
    -------\Service_Security
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-05 14:50 . 2012-01-05 14:50 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB6F3F6F-BAC2-4C0B-A112-19FAF484C584}\offreg.dll
    2012-01-04 23:08 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB6F3F6F-BAC2-4C0B-A112-19FAF484C584}\mpengine.dll
    2012-01-03 16:55 . 2012-01-03 16:55 -------- d-----w- c:\documents and settings\phil\Application Data\Digiarty
    2012-01-03 16:55 . 2012-01-03 16:55 -------- d-----w- c:\program files\Digiarty
    2011-12-28 14:12 . 2007-08-21 19:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
    2011-12-28 14:11 . 2011-12-28 14:11 -------- d-----w- c:\program files\FoxTabPDFConverter
    2011-12-20 22:30 . 2011-12-20 22:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Temp
    2011-12-15 02:50 . 2011-12-15 02:50 -------- d-----w- c:\program files\Appnimi
    2011-12-09 17:23 . 2011-12-09 17:23 12800 ----a-w- c:\program files\Mozilla Firefox\plugins\npwachk.dll
    2011-12-07 02:33 . 2008-04-13 20:15 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
    2011-12-07 02:33 . 2008-04-13 20:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
    2011-12-06 22:15 . 2011-12-06 22:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-22 13:30 . 2011-08-13 22:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-21 10:47 . 2011-09-25 05:29 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-01 20:35 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-11-01 20:35 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2011-11-01 20:35 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-11-01 15:02 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
    2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2010-07-31 01:48 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-11-09 15:16 . 2011-05-25 05:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
    "EKAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-09-02 2717696]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    .
    c:\documents and settings\phil\Start Menu\Programs\Startup\
    FAHControl.lnk - c:\program files\FAHClient\FAHControl.exe [2011-9-19 1525760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2011-8-13 4545024]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^What's my computer doing.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\What's my computer doing.lnk
    backup=c:\windows\pss\What's my computer doing.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^phil^Start Menu^Programs^Startup^crss.exe]
    path=c:\documents and settings\phil\Start Menu\Programs\Startup\crss.exe
    backup=c:\windows\pss\crss.exeStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^phil^Start Menu^Programs^Startup^[email protected]]
    path=c:\documents and settings\phil\Start Menu\Programs\Startup\[email protected]
    backup=c:\windows\pss\[email protected]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
    2008-12-11 18:45 114688 ----a-w- c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2010-05-14 05:02 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-12-15 19:47 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
    2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverReviver]
    2011-04-23 21:20 2861376 ----a-w- c:\program files\Reviversoft\Driver Reviver\DriverReviver.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKAIO2StatusMonitor]
    2011-09-02 18:29 2717696 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EVGAPrecision]
    2010-07-09 23:30 302184 ----a-w- c:\program files\EVGA Precision\EVGAPrecision.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2009-02-17 06:11 33595392 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 20:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2010-04-22 19:10 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2011-06-15 20:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2011-07-05 15:08 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
    2009-07-06 20:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
    2010-05-20 20:27 762736 ----a-w- c:\windows\vVX1000.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mpiexec.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "g:\\Charon\\Charon.exe"=
    "c:\\Program Files\\Proxy Checker\\PCv7.exe"=
    "g:\\Charon\\Stan.exe"=
    "g:\\Hell_Labs_Proxy_Checker_Personal_v7.4\\PCv7.exe"=
    "c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "53168:TCP"= 53168:TCP:Mezzmo Media Server Service
    "9322:TCP"= 9322:TCP:EKDiscovery
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    .
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/31/2010 11:58 AM 11448]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/18/2011 3:42 AM 21992]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [9/5/2011 5:00 PM 393648]
    R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [3/5/2011 12:58 PM 66944]
    R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [8/13/2011 2:04 PM 266240]
    R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [8/13/2011 2:04 PM 1759584]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [8/13/2011 2:04 PM 57440]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/24/2011 11:29 PM 47360]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [1/18/2011 4:16 PM 197224]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/30/2010 8:22 PM 2795376]
    S0 MFX;MFX; [x]
    S1 MpKsl0d23ec04;MpKsl0d23ec04;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EE7DB07-126C-4D3A-9391-9CDC9FEF18F9}\MpKsl0d23ec04.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EE7DB07-126C-4D3A-9391-9CDC9FEF18F9}\MpKsl0d23ec04.sys [?]
    S1 MpKsl10688ebe;MpKsl10688ebe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25F3EB5C-FA1B-4333-A905-84752256C2E4}\MpKsl10688ebe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25F3EB5C-FA1B-4333-A905-84752256C2E4}\MpKsl10688ebe.sys [?]
    S1 MpKsl13267518;MpKsl13267518;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl13267518.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl13267518.sys [?]
    S1 MpKsl144bd9b7;MpKsl144bd9b7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F703DAAB-998B-4DB3-BF04-FC9DD66E2641}\MpKsl144bd9b7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F703DAAB-998B-4DB3-BF04-FC9DD66E2641}\MpKsl144bd9b7.sys [?]
    S1 MpKsl14f7e58d;MpKsl14f7e58d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl14f7e58d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC7BECA1-36BE-4246-8441-7C19AC819111}\MpKsl14f7e58d.sys [?]
    S1 MpKsl1e992d58;MpKsl1e992d58;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25CCA49D-E54B-4302-B6F6-A01564A36095}\MpKsl1e992d58.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25CCA49D-E54B-4302-B6F6-A01564A36095}\MpKsl1e992d58.sys [?]
    S1 MpKsl257d2dc6;MpKsl257d2dc6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl257d2dc6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl257d2dc6.sys [?]
    S1 MpKsl27638bfb;MpKsl27638bfb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0EB1E4D-D36C-4D56-8D8D-9D2B4EF007FC}\MpKsl27638bfb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0EB1E4D-D36C-4D56-8D8D-9D2B4EF007FC}\MpKsl27638bfb.sys [?]
    S1 MpKsl27be0f9e;MpKsl27be0f9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16AB18C3-5C12-4137-8C92-E74F52053E08}\MpKsl27be0f9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16AB18C3-5C12-4137-8C92-E74F52053E08}\MpKsl27be0f9e.sys [?]
    S1 MpKsl2c95663c;MpKsl2c95663c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl2c95663c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A638E77E-7418-478E-A1E5-F4E0F12C5565}\MpKsl2c95663c.sys [?]
    S1 MpKsl2e6d605e;MpKsl2e6d605e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE94C6DF-3123-4162-8D0F-564C30D79095}\MpKsl2e6d605e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE94C6DF-3123-4162-8D0F-564C30D79095}\MpKsl2e6d605e.sys [?]
    S1 MpKsl369f2ad9;MpKsl369f2ad9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{581EB0B1-4971-46D1-956D-34D51B2941FB}\MpKsl369f2ad9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{581EB0B1-4971-46D1-956D-34D51B2941FB}\MpKsl369f2ad9.sys [?]
    S1 MpKsl39c3bc85;MpKsl39c3bc85;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{944F6D0C-32C0-49C6-B07A-8F4705E970CB}\MpKsl39c3bc85.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{944F6D0C-32C0-49C6-B07A-8F4705E970CB}\MpKsl39c3bc85.sys [?]
    S1 MpKsl3c9174da;MpKsl3c9174da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F563A42-6AB2-4EAC-9B24-201FD72D72CA}\MpKsl3c9174da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8F563A42-6AB2-4EAC-9B24-201FD72D72CA}\MpKsl3c9174da.sys [?]
    S1 MpKsl42e43fec;MpKsl42e43fec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsl42e43fec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65F33A61-C774-485E-880C-D5855377AA99}\MpKsl42e43fec.sys [?]
    S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;c:\fah\smpd.exe --> c:\fah\smpd.exe [?]
    S3 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [7/1/2010 3:45 AM 136616]
    S3 CLKMSVC10_E92D8507;CyberLink Product - 2011/02/22 20:50;c:\program files\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [5/14/2010 2:02 PM 246256]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [8/13/2011 2:04 PM 360529]
    S3 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2/17/2011 9:50 PM 88688]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B5.tmp --> c:\windows\system32\1B5.tmp [?]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys --> c:\windows\system32\drivers\nvhda32.sys [?]
    S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/30/2011 1:41 PM 2255464]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [8/6/2010 11:52 AM 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [8/6/2010 11:52 AM 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [8/6/2010 11:52 AM 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [8/6/2010 11:52 AM 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [8/6/2010 11:52 AM 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [8/6/2010 11:52 AM 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [8/6/2010 11:52 AM 109864]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-04-22 19:09 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-05 c:\windows\Tasks\Free File Viewer Update Checker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-25 22:35]
    .
    2012-01-05 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
    IE: E&xport to Microsoft Excel -
    Trusted Zone: $TALISMA_URL$
    TCP: DhcpNameServer = 192.168.10.1
    FF - ProfilePath - c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\xqf6u288.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.pcpitstop.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111228&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
    MSConfigStartUp-DriverUpdaterPro - g:\driverupdaterpro2.2.8.0\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
    MSConfigStartUp-InCD - c:\program files\Nero\Nero8\InCD\InCD.exe
    MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero8\InCD\NBHGui.exe
    MSConfigStartUp-winupdater - c:\windows\system32\Windupdt\winupdate.exe
    AddRemove-Hoyle Casino 6 - c:\sierra\Hoyle Casino 6\Uninst.isu
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-05 08:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\1B5.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2844)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\acs.exe
    c:\f\fah.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\f\FahCore_a4.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-05 08:53:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-05 14:53
    .
    Pre-Run: 43,578,179,584 bytes free
    Post-Run: 43,463,557,120 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - FBA52CB5E6164F4CB5BFA2C50DC5542B


    I will not know if this has corrected the problem for a few days. The freezes were random.
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    That removed a lot of malware.
    You were infected by having out-of-date & vulnerable software.
    IE6 is dangerous & you should go to http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

    & update to IE8 immediately.
    It doesn't matter if you never use IE, just having it installed is enough, because it is so deeply embedded in the operating system.
     
  12. dickster

    dickster Thread Starter

    Joined:
    Dec 13, 2001
    Messages:
    423
    IE is now updated to 8. As you noted, I almost never use it. I usually use Firefox or Pale Moon browsers.
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Let us know how it gets on over the next day or so,
    then we can finish off or investigate further if there are still problems.
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
  15. dickster

    dickster Thread Starter

    Joined:
    Dec 13, 2001
    Messages:
    423
    No threats found, and no log was generated.
     
Short URL to this thread: https://techguy.org/1034606