thehulk18

Anti-Spyware Brigade
  • Content Count

    6,393

Everything posted by thehulk18

  1. Maybe they should give all illegals an iPhone when they cross the border....
  2. This is what you need Bruce. Get those dangerous ice daggers that are hanging down. Cleans steps and walks real well also. My brother in CT has one. http://www.amazon.com/BP-2512-SVC-Backpack-Propane/dp/B000NI7PQG
  3. I was trying to install Windows 7 on my Toshiba laptop yesterday, on a new, clean, formatted hard drive. On the Expanding Files step it kept hanging up and giving me error messages and stopping Setup. The error messages were:

     "Windows cannot install required files. The file may be corrupt or missing. Make sure all files required for installation are available, and restart the installation" Error Code: 0x80070017

     also

     E:\Sources\WDSCORE.dll is either not designated to run on Windows, or it contains an error.

     I Googled both errors and found it was a fairly common happening when trying to install Windows 7. Some of the suggestions to overcome the errors were confusing, and some were as simple as swapping the CD/DVD drive. The one I liked best was found here: http://technet.microsoft.com/en-us/magazine/dd535816.aspx

     It worked like a charm and installed in less than half the normal time, and now I have Windows 7 Home Premium on a thumb drive for use anytime as long as I have a legitimate OS Key. The only thing not clear in the procedure is that at each Command Prompt, I had to type in the Drive and its number before the command itself. Other than that, it worked great.
  4. By default, XP, Vista and Win7 are supposed to defrag the boot sector when booting. However, it is not always set to do so in the registry. Rather than go into the registry, it can be done manually very easily to help speed up your boot time. As follows:

     Click on Start/All Programs/Accessories/Right click on Cmd Prompt and select to Run as Administrator.

     At the Command Prompt: C:\Windows\system32>, type in defrag c: -b

     It will look like this:

         C:\Windows\system32>defrag c: -b

     The window will then look like this:

         C:\Windows\system32>defrag -b C:
         Microsoft Disk Defragmenter
         Copyright © 2007 Microsoft Corp.
         Invoking boot optimization on (C:)...

         Pre-Defragmentation Report:

         Volume Information:
         Volume size = 49.99 GB
         Free space = 21.12 GB
         Total fragmented space = 2%
         Largest free space size = 4.59 GB

         Note: File fragments larger than 64MB are not included in the fragmentation statistics.

     You may not see anything happening at first...let it finish. You see in the last line that File fragments larger than 64MB are not included in the statistics, that's because they are not defragged, but they can be forced to defrag by using the same procedure above to run CMD Prompt as Administrator, then at the Command Prompt type in...defrag c: -v -w (Note spaces before each dash - ) Again...give it time to finish.

     These two steps significantly reduced the boot time on a laptop I was working on. I found these steps on more than one website, the following being one of them. http://social.answers.microsoft.com/Forums/en-US/vistaperformance/thread/7be9d9da-a7bf-447b-ad66-41d8eb50de54

     I was looking for the steps for Vista, but they also work on Windows 7, and XP (Must have Administrator password in XP)
  5. Jules....you can have half of my 64 bits...
  6. Jacee...good morning young lady....just getting around to this, been under the weather...a little greener in the gills than normal hulk color...lol thanks for your patience:
  7. Good morning all you Trusted Advisors. Usually in the morning first thing I do on PC is check the AVG results from the overnight scan. This morning when I clicked and removed the screensaver, I was greeted with a bunch of porn pictures and writing in German. They kept coming back at random times while on line. I ran MalwareBytes in safe mode and it found nothing. AVG found two Trojan Downloaders and vaulted them. I ran HJT, and right after it started scanning, this window popped up: Then completed the scan. If I follow the direction to get into the Hosts, there are no entries from HJT. This is the log, and thanks:

     I also ran HJT in Safe Mode as Administrator and tried removing all the entries with the @ with the same results, i.e., they were still there on the next scan. TIA
  8. Maybe I can find a Poltergeist remover on Ebay....lol
  9. Hey Jules....I haven't done any on line scans because usually it won't stay on for a full scan. I lucked out with this one. This is still the same machine that starts and stops randomly. A quick historic synopsis if I may:

     Brought to me because it started up in the middle of the night, and shut down when it felt like it.
     Replaced broken Power switch
     Replaced motherboard, CPU, heatsink, and fan.
     Replaced RAM
     Replaced Power Supply
     Added extra case fan for cooling.
     Removed Vista from SATA HD and installed XP Home
     Malware Bytes finds nothing wrong
     AVG also comes up clean
     Now Combofix looks good also

     Completely isolated everything from the case on my workbench, and it ran perfectly for about 15 hours. Installed everything in an older case, and it ran perfectly for a number of hours also. I made an insulating gasket of sorts from a new clear back seat floor mat to prevent any arcing from mobo solder points. The board is a combo board, so last night I removed SATA drive and replaced with IDE drive and installed Windows XP Home.

     All of this and many hours of troubleshooting and it is doing the same thing as the day it was brought to me, while it is in the original case. It shut down this morning while doing Windows updates on the newly installed IDE drive with fresh XP Home.

     Running out of ideas other than getting a new case, so ran Combofix for a fresh perspective. Every suggestion people make to solve this headbuster is negated by the fact that the hardware is all NEW and tested, and the fact that every action is a repeat of what was happening when it was first brought to me. I've done the piece by piece in and out of the case one at a time, etc, ad nauseam, and like I said Jules, I'm about out of ideas. Sorry...didn't mean to ramble on, you know how us Northerners are when ya get us ta yakkin...lol
  10. Need to know if all is ok...
Service;c:\windows\system32\drivers\viahduaa.sys [5/20/2010 5:39 AM 1390976] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.cfnews13.com/ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-23 13:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3868) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Completion time: 2010-05-23 13:07:21 ComboFix-quarantined-files.txt 2010-05-23 17:07 Pre-Run: 301,078,396,928 bytes free Post-Run: 301,097,476,096 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 6FA5A3BCD704D1951BAC4BAAE32254F6
  11. Tom, thanks for your time and trouble my friend, but the owner came and got it and said he was gonna trade it in. C'est la vie....
  12. Not too enthralled with it at all. What happened to G.D.? Oh well....Even after Monday and Tuesday, the calendar says
  13. Let's try again...thanks Tom
(Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/20 18:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/20 18:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) 
MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/20 18:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/20 18:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) 
MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/20 18:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/20 18:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < %systemroot%\*. 
/mp /s > < > < End of report > OTL Extras logfile created on: 5/13/2010 10:16:11 AM - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\bernard\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 6.00 Gb Paging File | 6.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.09 Gb Total Space | 239.37 Gb Free Space | 83.09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 37.27 Gb Total Space | 34.31 Gb Free Space | 92.05% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BERNARD-PC Current User Name: bernard Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00181BC2-EDFC-46BA-924B-DBBAE878FBA0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{06C9B889-E735-4E47-BCC0-540F11E96264}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{467985BB-820E-4337-BC2E-FFBD4DFE582D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{4ECC026C-F0AD-4AD8-9BED-B63C084387E0}" = protocol=6 | dir=in | app=c:\program files\aol\rc\regclient.exe | "{4FB8F451-E24E-435B-8DF4-12691110830B}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | "{5928B764-4F0A-4841-B112-6AF612D6F02E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{6AC3F764-0C2A-4677-86A0-AE0345CE146B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{705049FE-DBD3-431B-9B6F-24665B60CC9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{71565BF2-C157-4D34-9C2F-210464CE3BE2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{93A64C52-77C7-4DBA-AADE-096294A3E26E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{A0587A0F-BD21-4862-9D0B-E2FB37457CB1}" = protocol=17 | dir=in | app=c:\program files\aol\rc\regclient.exe | "{A17DCB2A-9DF6-4067-B395-1B122D2A4DBE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{B2899642-FB20-4222-8AD9-604324BA7B0C}" = 
protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{B33F60DD-EA5E-4E94-8502-38BD762BFEDA}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe | "{B3660CDB-E036-44C8-9853-7AFCB3081A69}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe | "{C759A8C8-C87B-458C-9635-00FF7FE55821}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{D4919FDD-EE81-4808-8F59-5B99C2A89B77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{DB2A15F8-8550-4C63-A3A4-8D042ECE89FC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{E199CD54-BF57-4403-90DE-F8A2B5BBC6A4}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 19 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office 
PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91120000-002F-0000-0000-0000000FF1CE}" = 
Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager "{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem "AOL Regclient" = AOL Registration "AOL Toolbar" = AOL Toolbar 5.0 "AOL Toolbar 5.0" = "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AVG9Uninstall" = AVG Free 9.0 "CleanUp!" = CleanUp! 
"Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader "LSI Soft Modem" = LSI PCI-SV92PP Soft Modem "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "ViewpointMediaPlayer" = Viewpoint Media Player "WildTangent emachines Master Uninstall" = eMachines Games ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 4/27/2010 6:57:28 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012 Description = Error - 4/27/2010 6:57:28 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011 Description = Error - 4/27/2010 7:23:32 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012 Description = Error - 4/27/2010 7:23:32 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011 Description = Error - 4/27/2010 11:13:30 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012 Description = Error - 4/27/2010 11:13:30 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011 Description = Error - 5/1/2010 6:54:18 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012 Description = Error - 5/1/2010 6:54:18 PM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011 Description = Error - 5/3/2010 3:44:10 AM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3012 Description = Error - 5/3/2010 3:44:10 AM | Computer Name = bernard-PC | Source = LoadPerf | ID = 3011 Description = [ System Events ] Error - 5/13/2010 2:10:44 PM | Computer Name = bernard-PC | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! 
Error - 5/13/2010 2:11:15 PM | Computer Name = bernard-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 9:59:57 AM on 5/13/2010 was unexpected. Error - 5/13/2010 2:11:01 PM | Computer Name = bernard-PC | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! Error - 5/13/2010 2:12:01 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005 Description = Error - 5/13/2010 2:12:07 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005 Description = Error - 5/13/2010 2:12:08 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005 Description = Error - 5/13/2010 2:12:10 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005 Description = Error - 5/13/2010 2:12:11 PM | Computer Name = bernard-PC | Source = DCOM | ID = 10005 Description = Error - 5/13/2010 2:12:37 PM | Computer Name = bernard-PC | Source = Service Control Manager | ID = 7001 Description = Error - 5/13/2010 2:12:37 PM | Computer Name = bernard-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
  14. I replied with both logs, and now they are gone. I don't like this new look at all.
  15. This is the HJT Log, I will post test results if it stays on long enough. I should mention first, that when I run HJT, shortly after it starts I get the following message pop up: "For some reason your system denied access to your Hosts files. If any Hijacked domains are in this file, HJT may NOT BE ABLE TO FIX THIS. If that happens, you will have to edit it yourself by doing this: Start/Run type in: notepad"C:\Windows\System32\driver\etc\hosts ENTER (This of course does not work, something about the path being wrong) Find the lines HJT reports and delete them. Save the file as "Hosts" (with quotes) HJT then continues until a second error pops up which says something about an ERROR IN mod-main something or other, error #75 ...doesn't stay on long enough for me to read all of it.
So far, changed or disconnected the HD, DS Rom, Power Supply and it still starts up all by itself no matter how it was shut down. When it does start, it does so for about 10 seconds and then shuts down again, etc., etc. The Power switch is non-functional when this happens. I thought it was something trying to start up, but it acts more like something that hasn't shut down and is trying, like maybe a capacitor not fully discharging. It has been running for about 15 or 20 minutes now, which is unusual.
I will attempt to get a test run on it and post results. I am on a different PC now because it just shut down. Here are test results. http://www.pcpitstop.com/betapit/sec.asp?conid=23592224&report=Summary
  16. Never happen....heh heh... That being said "J", the computer was running perfectly thanks to your magnificent efforts, and while sitting behind it on a different machine, I smelled something, I turned and saw smoke coming out of the case, and immediately unplugged it. An inspection showed that a capacitor right below the AGP slot had burned itself almost black. Some others affected by age and heat had their tops split and some leakage, others' tops had bulged out significantly. I hate when that happens after hours of working on it. I do thank you again for all the corrective and cleaning procedures, they all accomplished their due.
  17. Remainder of Combo fix log: . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2003-07-28 323584] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-04-18 01:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2009-03-29 04:12 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar] 2009-03-19 14:12 632048 ----a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC] 2001-10-04 13:41 35328 ----a-w- c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG] 2001-10-31 23:10 101615 ----a-w- c:\windows\GWMDMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMpi] 2001-10-31 23:10 40960 ----a-w- c:\windows\GWMDMpi.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXDL.EXE] 2002-02-13 15:43 59064 ----a-w- c:\program files\BestBuy\HelpExpress\HXDL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2007-02-08 05:12 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-02-08 05:13 774168 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MEDIC] 2006-07-06 12:45 192512 ----a-w- c:\program files\MEDIC\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-06-24 18:49 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager] 2007-03-27 19:22 4670968 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher] 2001-10-12 05:59 200704 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\MSMSGS.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/17/2010 9:56 PM 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/17/2010 9:56 PM 242696] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/17/2010 9:55 PM 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/17/2010 9:55 PM 308064] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/28/2007 3:32 PM 24652] S1 MpKslaefa9dfc;MpKslaefa9dfc;\??\c:\windows\system32\MpEngineStore\MpKslaefa9dfc.sys --> c:\windows\system32\MpEngineStore\MpKslaefa9dfc.sys [?] S1 ytiidjdc;ytiidjdc;\??\c:\windows\system32\drivers\ytiidjdc.sys --> c:\windows\system32\drivers\ytiidjdc.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 7:17 AM 135664] . Contents of the 'Scheduled Tasks' folder 2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:17] 2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:17] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.rr.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab . 
- - - - ORPHANS REMOVED - - - - MSConfigStartUp-Adware_ProNET - c:\program files\AdwarePro\Adware_Pro.exe MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-mbfscejk - c:\documents and settings\Valued Customer\Local Settings\Application Data\ggdrqg\snnosftav.exe MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe MSConfigStartUp-PC Pitstop Diskmd3 Reminder - c:\program files\PCPitstop\DiskMD3\Reminder-Diskmd3.exe AddRemove-HijackThis - f:\hjt\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-18 18:31 Windows 5.1.2600 Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3788) c:\windows\system32\WININET.dll c:\windows\system32\SSSensor.dll c:\windows\system32\ieframe.dll . 
Completion time: 2010-04-18 18:33:46 ComboFix-quarantined-files.txt 2010-04-18 22:33 Pre-Run: 108,898,320,384 bytes free Post-Run: 109,069,729,792 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - EC9270E991539340C268C9505F1D377A JULIET: I forgot to mention, at the end of Stage 2 and before Stage 3, I got a pop up message: "PEV.cfxxe has encountered a problem and needs to close, sorry for the inconvenience." It did not appear again. Looked it up and says it is part of Zlob...a definite yucky...lol Talk about Greek.....Wowsa!!
  18. Part of the combo fix log: ComboFix 10-04-17.07 - Valued Customer 04/18/2010 18:25:02.1.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.105 [GMT -4:00] Running from: c:\documents and settings\Valued Customer\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} . ((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 ))))))))))))))))))))))))))))))) . 2010-04-18 13:18 . 2010-04-18 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop 2010-04-18 06:01 . 2010-04-18 06:01 -------- d-----w- C:\$AVG 2010-04-18 01:58 . 2004-10-15 22:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys 2010-04-18 01:58 . 2004-10-15 22:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys 2010-04-18 01:58 . 2004-10-15 22:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys 2010-04-18 01:58 . 2004-10-15 22:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys 2010-04-18 01:58 . 2004-10-15 22:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys 2010-04-18 01:58 . 2004-10-15 22:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys 2010-04-18 01:58 . 2004-10-15 22:32 83096 ----a-w- c:\windows\system32\SSSensor.dll 2010-04-18 01:58 . 2010-04-18 01:58 -------- d-----w- c:\program files\Sygate 2010-04-18 01:56 . 2010-04-18 01:56 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-18 01:56 . 2010-04-18 01:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-04-18 01:56 . 2010-04-18 01:56 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-04-18 01:56 . 2010-04-18 01:56 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-04-18 01:56 . 2010-04-18 01:56 -------- d-----w- c:\windows\system32\drivers\Avg 2010-04-18 01:55 . 2010-04-18 01:55 -------- d-----w- c:\program files\AVG 2010-04-18 01:55 . 
2010-04-18 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-04-17 22:51 . 2010-04-17 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-04-17 22:23 . 2010-04-17 22:23 -------- d-----w- C:\HJT 2010-04-15 03:25 . 2010-04-15 03:25 1018 ----a-w- c:\windows\system32\drivers\bwsbqmav.dat 2010-04-15 03:24 . 2010-04-15 03:24 79114 ----a-w- c:\windows\system32\drivers\IDECHNDR.SYS 2010-04-15 01:54 . 2010-04-15 01:54 -------- d-----w- c:\windows\system32\MpEngineStore 2010-04-07 21:28 . 2010-04-07 21:28 -------- d-----w- c:\windows\system32\XPSViewer 2010-04-07 21:28 . 2010-04-07 21:28 -------- d-----w- c:\program files\MSBuild 2010-04-07 21:27 . 2010-04-07 21:27 -------- d-----w- c:\program files\Reference Assemblies 2010-04-07 21:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-04-07 21:26 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-04-07 21:26 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-04-07 21:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-04-07 21:26 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-04-07 21:26 . 2010-04-07 21:26 -------- d-----w- C:\9076f13f900042f7bc 2010-04-07 21:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-04-07 21:26 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-04-07 21:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-04-07 21:26 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- C:\0b053820a2bf52b1b26a9ed7 2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- C:\6b7a5901db41c6f78a00f7bf 2010-04-04 14:39 . 
2010-04-04 14:39 -------- d-----w- c:\documents and settings\Valued Customer\Application Data\Leadertech 2010-04-04 13:50 . 2010-04-04 13:50 -------- d-----w- c:\program files\PCPitstop 2010-04-04 13:05 . 2010-04-04 13:05 -------- d-----w- c:\program files\Seagate 2010-04-04 12:55 . 2010-04-04 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-04-04 05:27 . 2010-04-04 05:27 -------- d-----w- c:\windows\system32\LogFiles 2010-04-04 05:12 . 2010-03-11 12:38 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll 2010-04-04 05:12 . 2010-03-11 12:38 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-04-04 05:12 . 2010-03-11 12:38 63488 ------w- c:\windows\system32\dllcache\icardie.dll 2010-04-04 05:12 . 2010-03-11 12:38 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll 2010-04-04 05:12 . 2010-03-11 12:38 268288 ------w- c:\windows\system32\dllcache\iertutil.dll 2010-04-04 05:12 . 2010-03-10 13:18 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2010-04-04 05:12 . 2009-06-29 08:33 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat 2010-04-04 05:12 . 2010-03-11 12:38 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll 2010-04-04 01:59 . 2010-04-04 01:59 -------- d-----w- c:\documents and settings\Valued Customer\Application Data\IObit 2010-04-04 01:59 . 2010-04-04 01:59 -------- d-----w- c:\program files\IObit 2010-04-04 01:56 . 2010-04-04 01:56 -------- d-----w- c:\program files\CleanUp! 2010-04-04 01:39 . 2010-04-04 01:39 -------- d-----w- c:\documents and settings\Valued Customer\Application Data\Auslogics 2010-04-04 01:39 . 2010-04-04 01:39 -------- d-----w- c:\program files\Auslogics 2010-04-04 00:52 . 2010-04-04 00:52 -------- d-----w- c:\documents and settings\Valued Customer\Application Data\Malwarebytes 2010-04-04 00:51 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-04 00:51 . 
2010-04-04 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-04 00:51 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-04 00:51 . 2010-04-04 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-03 23:24 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll 2010-04-03 23:24 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll 2010-03-25 02:35 . 2010-03-25 02:35 -------- d-----w- c:\documents and settings\Valued Customer\Local Settings\Application Data\ggdrqg 2010-03-24 00:45 . 2010-04-13 00:39 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-03-24 00:45 . 2010-04-14 00:29 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-24 00:43 . 2010-03-24 00:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-17 04:00 . 2007-05-06 19:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-03-11 12:38 . 2001-12-03 17:55 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2006-05-28 00:52 78336 ------w- c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2002-02-12 22:58 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2001-11-09 14:58 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-04 19:01 . 2003-03-19 03:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL 2010-03-04 19:01 . 2003-03-19 02:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL 2010-03-04 19:01 . 2003-02-21 10:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL 2010-02-24 13:11 . 2002-02-12 22:59 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 13:10 . 2002-02-12 22:59 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2001-08-17 17:48 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:33 . 
2002-02-12 22:58 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2002-02-12 22:59 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . .
  19. Juliet, right now the machine is running great. She had problems getting her Games to open, they all open and play fine now. No more BS popups, everything opens as it should. I'll run the Combofix later after the basketball games, or tomorrow, but I think you may be correct my dear when you say it might just be clean now.
  20. Results for both scans say: "File not found, make sure the path is correct, you have typed it correctly..etc" The latest MBAM scan was the Quick Scan, and found zero infections. This is latest full scan: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3951 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 4/12/2010 9:09:42 PM mbam-log-2010-04-12 (21-09-42).txt Scan type: Quick scan Objects scanned: 109139 Time elapsed: 8 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  21. Hey Jule.....I got the EXE download fix from DougKnox Site - it worked great - http://www.dougknox.com/xp/file_assoc.htm I ran MBAM Full Scan, but it found nothing, so I didn't include the log. I'm not sure if she uses a proxy server or not, there are a bunch of "...svr.exe applications listed in her Sygate list. It was not checked when I went in to change it. DDS LOGS DDS (Ver_10-03-17.01) - FAT32x86 Run by Valued Customer at 10:26:26.37 on Sun 04/18/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.123 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE SVCHOST.EXE SVCHOST.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe SVCHOST.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HJT\HijackThis.exe C:\Documents and Settings\Valued Customer\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.rr.com/ uSearch Bar = hxxp://www.google.com/ie uSearch Page =
hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mWinlogon: Userinit=c:\windows\system32\Userinit.exe BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: NAV Helper: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - CNavExtBho Class BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [nwiz] nwiz.exe /install mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui IE: &Search IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! 
&SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-17 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-17 29512] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-17 242696] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-17 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-17 308064] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-28 24652] S1 MpKslaefa9dfc;MpKslaefa9dfc;\??\c:\windows\system32\mpenginestore\mpkslaefa9dfc.sys --> 
c:\windows\system32\mpenginestore\MpKslaefa9dfc.sys [?] S1 ytiidjdc;ytiidjdc;\??\c:\windows\system32\drivers\ytiidjdc.sys --> c:\windows\system32\drivers\ytiidjdc.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-4-4 85504] S4 vsdatant;vsdatant; [x] =============== Created Last 30 ================ ==================== Find3M ==================== 2010-04-17 04:00:48 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-03-19 22:05:50 4874240 ------w- c:\windows\system32\dllcache\wmp.dll 2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2010-03-10 04:33:42 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll 2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll 2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll 2010-03-04 19:01:10 503808 ----a-w- c:\windows\system32\MSVCP71.DLL 2010-03-04 19:01:10 348160 ----a-w- c:\windows\system32\MSVCR71.DLL 2010-03-04 19:01:10 1060864 ----a-w- c:\windows\system32\MFC71.DLL 2010-02-24 13:11:08 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-24 13:11:08 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys 2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe 2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2010-02-17 13:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-02-16 14:08:50 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-02-16 13:25:04 2024448 ------w- 
c:\windows\system32\dllcache\ntkrpamp.exe 2010-02-12 04:33:12 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-12 04:33:12 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll 2010-02-11 12:02:16 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys ============= FINISH: 10:27:11.65 ===============
  22. This lady keeps bringing her PC to me with a different problem each time. This time it was not being able to open any EXE files. I solved that with a download. Ya see anything in this log that is out of place, etc.,,, Logfile of HijackThis v1.99.1 Scan saved at 8:10:43 PM, on 4/17/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe TIA
  23. Are these the only discs that it will not read? What sort of difficulties? Does it read them at all?