
Solved WMP is freezing, also Windows Movie Maker

Discussion in 'Malware and Virus Removal Archive' started by lewislewis, 2010/12/19.

  1. 2010/12/19
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    [Resolved] WMP is freezing, also Windows Movie Maker

    Hi,
    I have been editing home video for family to view Xmas Day.
    After several hours things seemed to go wrong. When loading video (digital, saved to hard drives) the video became jerky and even froze. When attempting to play it in WMP, the same thing happened:
    jerky and freezing. This is new; I have been using this method on several computers for over 10 years. Today I reinstalled WMP, defragged all drives, and scanned all files with AVG, removing 4 trojans. AVG scans daily.
    I hope you can help because I only have a few hours to complete our Xmas viewing.
    Thanks.
    Lewis

    answer
    Read this post, then post the requested log(s) in the Malware and Virus Removal forum.
    Arie Slob,

    Hi,
    I don't know where to start. Thanks for your reply. I started this morning and ran AVG. Then TFC and then Step 1. On the restart Reg Doctor ran. I then ran GMER; that was running for several hours, and while I was out of the room, after about 6 hours, my computer seems to have crashed. No signal to the monitor. I have restarted the computer and I went looking for the Malwarebytes Anti-Malware log.
    In the C:\Documents and Settings folder a folder seems to be missing and in the admin folder there is no Application Data folder, ditto here C:\Program Files\Malwarebytes Anti-Malware\Logs\log-date.txt NO Log.
    I checked all drives in Malwarebytes Anti-Malware and I notice one of my external drives has turned Off.
    I am back on and I will await a reply before trying again.
    Thanks,
    Lewis

    answer

    Please open a thread in the Malware and Virus Removal forum. A Malware expert will need to assist you if you have trouble running the tools.

    __________________
    Arie Slob,
     
  2. 2010/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    I'm not sure if we'll solve your initial issues, but since some trojans were found, we had better check.

    Please, read this post, then post the requested log(s).
     


  4. 2010/12/20
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Thanks

    I'll start today
     
  5. 2010/12/20
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi,
    When saving the log file I see a problem. When saving, I see the Logs folder, up to the Malwarebytes' Anti-Malware folder, up to the Malwarebytes' folder, up to the Application Data folder, up to the Administrator folder. The problem is that in the Administrator folder there is no Application Data folder. It is gone, as I mentioned in my earlier post. In fact, if I close after saving I don't see how I can get back to the Logs folder. There seems to be a break.
    I will pause now and hopefully you can help.
    Thanks,
    Lewis
     
  6. 2010/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Leave MBAM alone for now. Proceed with other steps.
     
  7. 2010/12/21
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi, I am not sure what's happening, so here goes:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Administrator at 3:04:26.32 on Tue 12/21/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3322.2577 [GMT -5:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\logitech\quickcam\lu\lulnchr.exe
    c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZA6RHSWH\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [PowerBar]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [<NO NAME>]
    mRun: [RegDoctor] c:\program files\regdoctor\RegDoctor.exe -Quick
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [P17Helper] Rundll32 P17.dll,P17Helper
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225642572609
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: {8CD76715-10AE-4FD7-8725-A8E76F3EBD97} = 8.8.8.8,8.8.4.4
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\my7rdxsx.default\
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: f:\picasa\picasa2\npPicasa2.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-3 64160]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-17 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-17 29584]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-17 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
    R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\openvpn technologies\openvpn client\core\capiws.exe [2010-8-6 24064]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-8-3 26112]
    S2 gupdate1c98648ae60edc8;Google Update Service (gupdate1c98648ae60edc8);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2006-9-5 217600]

    =============== Created Last 30 ================

    2010-12-19 16:55:10 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-12-19 16:54:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-19 16:54:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-19 16:54:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-19 16:54:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-17 04:29:01 -------- d-----w- C:\CanadianpickerCOM
    2010-12-16 05:41:00 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-16 05:31:14 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-11 20:32:19 -------- d-----w- C:\New Folder (2)
    2010-12-05 22:38:39 -------- d-----w- C:\4sale

    ==================== Find3M ====================

    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 3:05:43.29 ===============
     
  8. 2010/12/21
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi,
    I have a fresh AVG scan that may be interesting, it is an excel file.
    How do I send it to you?
    Thanks,
    Lewis
     
  9. 2010/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Upload the file(s) here: http://www.filedropper.com/
    Post download link (copy URL: link):

    I still need Attach.txt part of DDS, MBRCheck and GMER.
     
  10. 2010/12/21
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi Broni,
    How do I zip the file and how do I attach it?
    Thanks,
    lewis
     
  11. 2010/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No need for zipping or attaching.
    Paste the log straight into your next reply.
     
  12. 2010/12/21
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2008 2:27:26 PM
    System Uptime: 12/21/2010 2:54:53 AM (1 hours ago)

    Motherboard: Intel Corporation | | DG33FB
    Processor: Intel Pentium III Xeon processor | J1PR | 42874/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 112.244 GiB free.
    D: is Removable
    E: is CDROM (UDF)
    F: is FIXED (NTFS) - 298 GiB total, 155.369 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    K: is FIXED (NTFS) - 596 GiB total, 79.513 GiB free.
    L: is Removable
    M: is FIXED (NTFS) - 596 GiB total, 173.013 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\21E2D51902700
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\21E2D51902700
    Service: NIC1394

    ==== System Restore Points ===================

    RP856: 9/22/2010 9:38:58 AM - System Checkpoint
    RP857: 9/23/2010 8:02:21 AM - Avg Update
    RP858: 9/23/2010 8:03:21 AM - Avg Update
    RP859: 9/24/2010 8:33:34 AM - System Checkpoint
    RP860: 9/25/2010 9:14:07 AM - System Checkpoint
    RP861: 9/26/2010 11:43:42 AM - System Checkpoint
    RP862: 9/29/2010 11:50:29 AM - System Checkpoint
    RP863: 9/30/2010 6:02:27 PM - System Checkpoint
    RP864: 10/1/2010 8:22:43 PM - System Checkpoint
    RP865: 10/3/2010 6:05:20 AM - System Checkpoint
    RP866: 10/4/2010 6:29:18 AM - System Checkpoint
    RP867: 10/4/2010 1:14:22 PM - Avg Update
    RP868: 10/5/2010 1:59:45 PM - System Checkpoint
    RP869: 10/6/2010 4:07:23 PM - System Checkpoint
    RP870: 10/6/2010 11:27:13 PM - Software Distribution Service 3.0
    RP871: 10/7/2010 10:57:38 PM - Software Distribution Service 3.0
    RP872: 10/9/2010 12:40:06 AM - System Checkpoint
    RP873: 10/10/2010 9:41:49 AM - System Checkpoint
    RP874: 10/11/2010 4:52:46 PM - System Checkpoint
    RP875: 10/12/2010 8:08:00 PM - System Checkpoint
    RP876: 10/13/2010 11:14:10 PM - System Checkpoint
    RP877: 10/15/2010 12:25:08 AM - System Checkpoint
    RP878: 10/16/2010 7:42:31 AM - System Checkpoint
    RP879: 10/17/2010 9:33:20 AM - System Checkpoint
    RP880: 10/18/2010 12:45:16 PM - System Checkpoint
    RP881: 10/19/2010 2:01:16 PM - System Checkpoint
    RP882: 10/20/2010 5:49:36 PM - System Checkpoint
    RP883: 10/21/2010 6:17:23 PM - System Checkpoint
    RP884: 10/21/2010 8:48:36 PM - Software Distribution Service 3.0
    RP885: 10/23/2010 3:26:00 PM - System Checkpoint
    RP886: 10/24/2010 4:29:38 PM - System Checkpoint
    RP887: 10/25/2010 4:49:21 PM - System Checkpoint
    RP888: 10/26/2010 8:59:40 AM - Avg Update
    RP889: 10/27/2010 11:25:08 PM - System Checkpoint
    RP890: 10/29/2010 12:34:19 AM - System Checkpoint
    RP891: 10/30/2010 6:01:22 AM - System Checkpoint
    RP892: 10/31/2010 6:05:10 AM - System Checkpoint
    RP893: 11/1/2010 11:39:07 AM - System Checkpoint
    RP894: 11/2/2010 12:19:56 PM - System Checkpoint
    RP895: 11/3/2010 1:54:56 PM - System Checkpoint
    RP896: 11/4/2010 3:15:07 PM - System Checkpoint
    RP897: 11/5/2010 10:11:04 PM - System Checkpoint
    RP898: 11/6/2010 10:04:03 PM - System Checkpoint
    RP899: 11/8/2010 12:27:37 AM - System Checkpoint
    RP900: 11/9/2010 6:04:05 AM - System Checkpoint
    RP901: 11/10/2010 7:35:01 AM - System Checkpoint
    RP902: 11/10/2010 8:46:14 AM - Avg Update
    RP903: 11/10/2010 8:47:07 AM - Avg Update
    RP904: 11/11/2010 9:05:36 AM - System Checkpoint
    RP905: 11/11/2010 7:58:05 PM - Restore Operation
    RP906: 11/11/2010 8:06:01 PM - Avg Update
    RP907: 11/11/2010 8:06:40 PM - Avg Update
    RP908: 11/12/2010 10:22:56 PM - System Checkpoint
    RP909: 11/13/2010 11:18:52 PM - System Checkpoint
    RP910: 11/14/2010 11:58:15 PM - System Checkpoint
    RP911: 11/16/2010 6:06:56 AM - System Checkpoint
    RP912: 11/17/2010 1:44:20 PM - System Checkpoint
    RP913: 11/20/2010 8:17:09 AM - System Checkpoint
    RP914: 11/21/2010 2:04:19 PM - System Checkpoint
    RP915: 11/22/2010 4:14:13 PM - System Checkpoint
    RP916: 11/23/2010 8:52:25 PM - System Checkpoint
    RP917: 11/24/2010 8:08:02 AM - Avg Update
    RP918: 11/24/2010 8:09:27 AM - Avg Update
    RP919: 11/25/2010 9:04:31 AM - System Checkpoint
    RP920: 11/26/2010 10:31:05 AM - System Checkpoint
    RP921: 11/27/2010 10:54:08 AM - System Checkpoint
    RP922: 11/28/2010 2:47:20 PM - System Checkpoint
    RP923: 11/29/2010 4:24:35 PM - System Checkpoint
    RP924: 11/30/2010 5:06:49 PM - System Checkpoint
    RP925: 12/1/2010 10:23:22 AM - Installed Java(TM) 6 Update 22
    RP926: 12/1/2010 9:41:06 PM - Avg Update
    RP927: 12/2/2010 11:46:34 PM - System Checkpoint
    RP928: 12/4/2010 10:00:04 AM - System Checkpoint
    RP929: 12/5/2010 11:21:52 AM - System Checkpoint
    RP930: 12/6/2010 12:12:25 PM - System Checkpoint
    RP931: 12/7/2010 5:53:21 PM - System Checkpoint
    RP932: 12/8/2010 6:13:52 PM - System Checkpoint
    RP933: 12/9/2010 6:15:02 PM - System Checkpoint
    RP934: 12/10/2010 7:08:10 PM - System Checkpoint
    RP935: 12/11/2010 7:31:54 PM - System Checkpoint
    RP936: 12/13/2010 1:01:14 AM - System Checkpoint
    RP937: 12/14/2010 10:13:34 AM - System Checkpoint
    RP938: 12/15/2010 10:30:46 AM - System Checkpoint
    RP939: 12/16/2010 10:54:37 AM - System Checkpoint
    RP940: 12/17/2010 1:30:33 PM - System Checkpoint
    RP941: 12/18/2010 1:44:17 PM - Software Distribution Service 3.0
    RP942: 12/18/2010 11:13:07 PM - Installed Windows Media Player 11
    RP943: 12/18/2010 11:14:57 PM - Installed Windows XP MSCompPackV1.
    RP944: 12/19/2010 9:05:41 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    802.11 USB Wireless LAN Adapter
    Ad-Aware
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe PhotoDeluxe Home Edition 3.0
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    Agatha Christie: 4:50 from Paddington
    AHV content for Acrobat and Flash
    Apple Software Update
    Arachnophilia 5.3
    Arachnophilia version 4.0
    ArcSoft Panorama Maker 3
    ArcSoft PhotoImpression
    ArcSoft PhotoImpression 6
    ArcSoft Print Creations
    Art of Murder: FBI Confidential
    Artifacts of the Past: Ancient Mysteries
    Ashampoo Media Player+ 2.03
    Astra SiteManager
    AutoUpdate
    AVG Free 9.0
    Awakening: The Dreamless Castle
    Awasu Personal Edition 2.3
    Azada ™
    Backup4all 3
    Battlecraft 1942
    Battlefield 1942
    Battlefield 1942: Secret Weapons of WWII
    Battlefield 1942: The Road To Rome
    Battlefield Mod Development Toolkit 2.0 Beta
    BBC iPlayer Desktop
    BCWipe 2.0
    Big Fish Games: Game Manager
    Canon Easy-WebPrint EX
    Canon MP Navigator EX 3.0
    Canon MP490 series MP Drivers
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner (remove only)
    CodeStuff Starter
    Cool Edit Pro 2.1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Critical Update for Windows Media Player 11 (KB959772)
    Dark Parables: Curse of Briar Rose
    Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
    dBworx ver 3.4 (Freeware)
    Digital Voice Editor 3
    DiMAGE Viewer
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Dr. Lynch: Grave Secrets
    Dream Chronicles
    DVD43 v4.6.0
    Escape The Museum
    F1 2002
    ffdshow [rev 1723] [2007-12-24]
    FileZilla Client 3.3.4.1
    FlashPeak BlazeFtp 2.0
    Forgotten Riddles - The Mayan Princess (remove only)
    FREE Hi-Q Recorder 1.92
    Free MP3 Recorder 1.0
    Free MP3 Sound Recorder v1.9
    FreeBASIC 0.20.0b
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Gravity 2.9
    Harry's Filters 3.01
    Haunted Hotel
    Hidden Expedition: Amazon ™
    Hidden Expedition: Titanic ™
    Hidden Identity: Chicago Blackout
    Hidden Mysteries: Buckingham Palace ™
    Hidden Relics
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections 12.1.12.0
    Intel® Management Engine Interface
    IrfanView (remove only)
    Jack the Ripper
    Java Auto Updater
    Java(TM) 6 Update 22
    LightScribe 1.4.74.1
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Train Simulator
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Midnight Mysteries: The Edgar Allan Poe Conspiracy
    Miracle C Shareware Package
    Mozilla Firefox (3.0.17)
    MP3 Player Utilities
    MSTS Paint Shed
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Multimedia Launcher
    Mystery Case Files: Huntsville ™
    Mystery Case Files: Return to Ravenhearst ™
    Mystery in London
    Nancy Drew Dossier: Lights, Camera, Curses
    Nero 7 Ultra Edition
    Nightfall Mysteries: Asylum Conspiracy
    Nightfall Mysteries: Curse of the Opera
    NVIDIA Drivers
    Nvu 1.0PR
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    OpenVPN Client
    Opera 10.00
    PageKeeper Standard 3.0
    Paint Shop Pro 7 ESD
    PDF Settings
    Penny Dreadfuls: Sweeney Todd Collector`s Edition
    Picasa 3
    PowerDVD
    PowerProducer
    ProTrain 1.1 US 1.1
    PunkBuster for Battlefield 1942
    PuppetShow: Souls of the Innocent
    QuickTime
    Radiotracker
    Readiris Pro 8
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    ReBirth RB-338 2.01
    RegDoctor 1.56
    repliGATOR
    Samantha Swift and the Hidden Roses of Athena
    Satellite TV for PC Elite 4.8.8.0
    Scan Manager 3.1
    ScanToWeb
    Scrabble Complete
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    ShareIns
    SimCity 2000® Special Edition
    Skype Toolbars
    Skype™ 5.0
    SmartFTP Client
    SonicStage 4.3
    Sony Player Plug-in for Windows Media Player
    Sony Sound Forge 7.0
    Sound Blaster Audigy
    Special Enquiry Detail: The Hand that Feeds
    Strange Cases: The Lighthouse Mystery Collector's Edition
    The Lost Cases of 221B Baker St.
    The Mystery of the Crystal Portal: Beyond the Horizon
    The Rise of Atlantis (remove only)
    Tiger Eye - Part I: Curse of the Riddle Box
    Tiger Woods PGA TOUR 2005
    Time Dreamer
    Treasure Seekers: Follow the Ghosts Collector's Edition
    TVAnts 1.0
    TVersity Codec Pack 1.2
    TVersity Media Server 1.0.0.11 RC7
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    vr3d
    Web Album Generator 1.8.2
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    XanaNews 1.18.1.6
    XIII
    Yawcam 0.3.3

    ==== Event Viewer Messages From Past Week ========

    12/20/2010 8:21:37 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    12/19/2010 5:56:03 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    12/19/2010 5:56:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
    12/19/2010 5:56:03 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.6028.Policy" on line 0.
    12/19/2010 5:53:42 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    12/19/2010 12:05:11 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
    12/19/2010 11:11:37 AM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:37 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:37 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:37 AM, error: Service Control Manager [7034] - The OpenVPN Access Client service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:37 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:36 AM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:36 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:35 AM, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
    12/19/2010 11:11:35 AM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/19/2010 11:11:34 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 9:15:07 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    12/18/2010 9:13:58 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg9wd service.
    12/18/2010 6:55:14 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf170e93, parameter3 b28bd694, parameter4 00000000.

    ==== End Of File ===========================
     
  13. 2010/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  14. 2010/12/21
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    results from AVG scan.

    I have some results from the AVG scan I did earlier; they are saved in an Excel file that I would like to send. How can I send it?
    Lewis
     
  15. 2010/12/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, re-read my reply #8.
     
  16. 2010/12/26
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi Broni,
    Please refer to message 4.
    I have now run GMER twice and it scanned for hours and finally crashed the computer. There were different messages like... 'unable to save data for file \device\harddiskvolume1\$mft the data has been lost'...
    I was unable to save the scan info.
    I have found something that I cannot remove called NTUSER ...A video CD Movie.. 14,848 kb, it has the QuickTime icon.
    When I tried to delete it I get a message 'it is in use and cannot be removed'.
    I tried restarting the computer and I still could not remove this item.
    I did try to open the video before I tried to remove it. It would not play...I don't know where this Video file came from but I fear the worst.
    Thanks,
    Lewis
     
  17. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  18. 2010/12/26
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    TDSS rootkit removing tool

    2010/12/26 14:49:04.0000 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/26 14:49:04.0000 ================================================================================
    2010/12/26 14:49:04.0000 SystemInfo:
    2010/12/26 14:49:04.0000
    2010/12/26 14:49:04.0000 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/26 14:49:04.0000 Product type: Workstation
    2010/12/26 14:49:04.0000 ComputerName: LEWIS-AE0B75C2F
    2010/12/26 14:49:04.0000 UserName: Administrator
    2010/12/26 14:49:04.0000 Windows directory: C:\WINDOWS
    2010/12/26 14:49:04.0000 System windows directory: C:\WINDOWS
    2010/12/26 14:49:04.0000 Processor architecture: Intel x86
    2010/12/26 14:49:04.0000 Number of processors: 4
    2010/12/26 14:49:04.0000 Page size: 0x1000
    2010/12/26 14:49:04.0000 Boot type: Normal boot
    2010/12/26 14:49:04.0000 ================================================================================
    2010/12/26 14:49:05.0171 Initialize success
    2010/12/26 15:35:50.0671 ================================================================================
    2010/12/26 15:35:50.0687 Scan started
    2010/12/26 15:35:50.0687 Mode: Manual;
    2010/12/26 15:35:50.0687 ================================================================================
    2010/12/26 15:36:06.0359 ================================================================================
    2010/12/26 15:36:06.0359 Scan finished
    2010/12/26 15:36:06.0359 ================================================================================
     
  19. 2010/12/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your antivirus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
    4. Double-click on combofix.exe and follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the antivirus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with ComboFix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, ComboFix refuses to run, try one of the following:

    1. Run ComboFix from Safe Mode.

    2. Delete the ComboFix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from Safe Mode.

    In case #2, please post BOTH logs, Rkill and ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  20. 2010/12/27
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    ComboFix 10-12-26.01 - Administrator 12/27/2010 1:21.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3322.2637 [GMT -5:00]
    Running from: c:\exe\TFCleaner\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Recent\Thumbs.db
    C:\Thumbs.db
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\desktop
    c:\windows\desktop\Instal~1.lnk
    c:\windows\settings.reg
    c:\windows\system32\Data
    G:\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 )))))))))))))))))))))))))))))))
    .

    2010-12-26 22:43 . 2010-12-03 09:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-12-26 18:59 . 2010-12-26 18:59 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-12-26 18:58 . 2010-12-26 18:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
    2010-12-26 18:57 . 2010-12-26 18:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-26 15:07 . 2010-12-26 15:07 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-12-19 16:55 . 2010-12-19 16:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-12-19 16:54 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-19 16:54 . 2010-12-19 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-19 16:54 . 2010-12-26 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-19 16:54 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 04:29 . 2010-12-17 04:31 -------- d-----w- C:\CanadianpickerCOM
    2010-12-16 05:41 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-16 05:31 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-11 20:32 . 2010-12-11 20:32 -------- d-----w- C:\New Folder (2)
    2010-12-05 22:38 . 2010-12-16 01:46 -------- d-----w- C:\4sale

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-03 09:05 . 2009-10-03 19:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-18 18:12 . 2008-07-16 18:23 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:26 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2007-07-27 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2007-07-27 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2007-07-27 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 137752]
    "RegDoctor"="c:\program files\RegDoctor\RegDoctor.exe" [2005-11-30 2260992]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
    "nwiz"="nwiz.exe" [2007-05-10 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
    "P17Helper"="P17.dll" [2005-05-03 64512]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    backup=c:\windows\pss\PowerReg Scheduler.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OpenVPN Client.lnk]
    backup=c:\windows\pss\OpenVPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PageKeeper Jobs.lnk]
    backup=c:\windows\pss\PageKeeper Jobs.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-01-11 23:54 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    2009-10-24 00:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-10 03:13 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2008-12-20 11:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-03 00:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Ubisoft\\XIII\\system\\XIII.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/3/2009 2:05 PM 64288]
    R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [8/6/2010 4:23 PM 24064]
    S2 gupdate1c98648ae60edc8;Google Update Service (gupdate1c98648ae60edc8);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2009 4:45 PM 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 4:05 AM 1389400]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [9/5/2006 2:16 AM 217600]
    S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [8/3/2010 3:25 PM 26112]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05]

    2010-12-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 12:43]

    2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 21:45]

    2010-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 21:45]

    2010-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-764733703-839522115-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 03:13]

    2010-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-764733703-839522115-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-10 03:13]

    2010-12-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-764733703-839522115-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    2010-12-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-764733703-839522115-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{298EE511-60FE-41A3-9968-57F06043CCB1}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {8CD76715-10AE-4FD7-8725-A8E76F3EBD97} = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\my7rdxsx.default\
    FF - prefs.js: browser.startup.homepage - www.google.ca
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-PowerBar - (no file)
    AddRemove-BFG-Nancy Drew Dossier - Lights, Camera Curses - c:\program files\Nancy Drew Dossier - Lights



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-27 01:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????????????l?@?l?@?D?????B~????????????&?B~l?@?l?@????? ?????????????D~0?B~????&?B~?xB~x????????xB~???????? ???????????s??|x???0???????????Q?stA?B~????????????????~???????????????l?@?l?@?????zwB~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1229272821-764733703-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,4c,11,10,91,4d,07,46,b0,e6,02,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,4c,11,10,91,4d,07,46,b0,e6,02,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:3d,5d,79,e8,f3,b6,dd,cc,1b,23,fa,fb,d1,09,de,1e,8a,f3,af,85,67,
    5d,e4,25,0b,65,9e,d2,07,17,3c,fb,65,02,79,76,e9,c0,d3,07,4e,22,eb,1b,de,0e,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="REMOVED"

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:3d,5d,79,e8,f3,b6,dd,cc,1b,23,fa,fb,d1,09,de,1e,8a,f3,af,85,67,
    5d,e4,25,0b,65,9e,d2,07,17,3c,fb,65,02,79,76,e9,c0,d3,07,4e,22,eb,1b,de,0e,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(9592)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\wpdshext.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\Audiodev.dll
    c:\windows\system32\WMVCore.DLL
    c:\windows\system32\WMASF.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\dllhost.exe
    c:\program files\TVersity\Media Server\MediaServer.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\Rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-27 01:36:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-27 06:36

    Pre-Run: 108,136,337,408 bytes free
    Post-Run: 108,365,205,504 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 52A4CD7653C14FCEA4CE20F79F365E40
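The ComboFix report above is what the helper reads first: the Run/RunOnce autostart entries, the Security Center override, the Windows Firewall exceptions and open ports, and the orphaned entries whose target no longer exists. The script below is an added example for readers who want to triage such a report themselves; it is not ComboFix's own tooling and not code from this thread. It parses those sections from the plain-text log and flags the items an analyst checks by hand: autostart targets ComboFix marks as missing (`[X]`), images given without a directory (which Windows resolves through the search path, so the file that actually loads must be confirmed), `AntiVirusOverride=1` (Security Center antivirus monitoring suppressed), and the number of firewall exceptions to review. The `SAMPLE_LOG` is constructed from lines visible in the posted log; the function and class names are my own.

```python
"""Triage helper for a ComboFix text report (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the posted ComboFix report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848]
"RegDoctor"="c:\program files\RegDoctor\RegDoctor.exe" [2005-11-30 2260992]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"P17Helper"="P17.dll" [2005-05-03 64512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-PowerBar - (no file)
"""

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')            # [HKEY_...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')    # "name"=<rest>
IMAGE_RE = re.compile(r'^"(?P<image>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')  # "path" [date size] or [X]
DWORD_RE = re.compile(r'^dword:(?P<hex>[0-9a-fA-F]{8})$')
PORT_RE = re.compile(r'^\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<desc>.*)$')
ORPHAN_RE = re.compile(r'^(?P<entry>.+?) - \(no file\)$')


@dataclass
class Triage:
    run_entries: List[Tuple[str, str, str, str]] = field(default_factory=list)  # (key, name, image, meta)
    firewall_apps: List[str] = field(default_factory=list)
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)
    orphans: List[str] = field(default_factory=list)
    flags: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Triage:
    """Walk the report line by line, tracking which registry section we are in."""
    t = Triage()
    section = ""
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans, section = True, ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section, in_orphans = m.group("key"), False
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                t.orphans.append(m.group("entry"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        sec = section.lower()
        if sec.endswith("\\run") or sec.endswith("\\runonce"):
            im = IMAGE_RE.match(rest)
            if not im:
                continue
            image, meta = im.group("image"), im.group("meta")
            t.run_entries.append((section, name, image, meta))
            if meta == "X":                      # ComboFix could not find the target file
                t.flags.append(f"{name}: autostart target missing ({image!r})")
            elif "\\" not in image:              # bare file name: resolved via search path
                t.flags.append(f"{name}: unqualified image {image!r}; confirm which file actually loads")
        elif "security center" in sec:
            dm = DWORD_RE.match(rest)
            if dm and name.lower() == "antivirusoverride" and int(dm.group("hex"), 16) == 1:
                t.flags.append("AntiVirusOverride=1: Security Center antivirus monitoring is suppressed")
        elif "authorizedapplications" in sec:
            t.firewall_apps.append(name.replace("\\\\", "\\"))   # undo .reg-style escaping
        elif "globallyopenports" in sec:
            pm = PORT_RE.match(rest)
            if pm:
                t.open_ports.append((int(pm.group("port")), pm.group("proto"), pm.group("desc").strip()))
    if t.firewall_apps:
        t.flags.append(f"{len(t.firewall_apps)} firewall application exceptions; review any you do not recognise")
    return t


if __name__ == "__main__":
    result = parse_combofix(SAMPLE_LOG)
    for flag in result.flags:
        print("FLAG:", flag)
    for port, proto, desc in result.open_ports:
        print(f"OPEN {port}/{proto}: {desc}")
```

Run it against a saved `C:\ComboFix.txt` by replacing `SAMPLE_LOG` with the file contents; the flags are prompts for a human check, not verdicts, since a legitimate driver helper can also be registered by bare file name.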
     
  21. 2010/12/27
    lewislewis

    lewislewis Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    303
    Likes Received:
    2
    Hi,
    I think all my problems may be associated with one hard drive. I have realised that all the problem videos are stored on one drive (K). That drive seems to have slowed down to a crawl.
    A video file that should take 5 minutes to download to my desktop will take an estimated 250 minutes.
    Lewis
     
