Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Odd Computer Behavior and Lockups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Odd Computer Behavior and Lockups

Unread postby darksmoke12 » September 4th, 2008, 2:00 pm

I need your help to repair whatever is wrong with the office computer. It would do a restart loop with the check disk coming up everytime before restarting again, but this was resolved by holding the power button and powering back up. Now it will completely freeze up after 30 seconds into the login of the user account. It is only functional and stable in safemode and I've tried many anti-virus and malware removal software with little success. I appreciate any help that you can offer, thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:40 PM, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on AA-5100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P42 "Auto EPSON Stylus CX7800 Series on AA-5100" /O18 "\\AA-5100\Printer2" /M "Stylus CX7800"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sithoutpost.spaces.live.com//Pho ... nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sithoutpost.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllavgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6626 bytes
darksmoke12
Active Member
 
Posts: 9
Joined: September 4th, 2008, 1:47 pm
Advertisement
Register to Remove

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 10th, 2008, 7:40 am

Hello! :hello2: and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 10th, 2008, 7:58 am

Hi darksmoke12,

Please don't use the internet while on Safe mode with network support doing so any protection programs you have will be disabled and you will likely be in worse trouble than when you started. If you can't get back into normal mode just use Safe Mode and copy any logs needed to a cd or something similar and post the logs from a different computer if possible.

I don't see anything malicious but I do see at least 2 antivirus programs, having more than one AV can cause system instability and may well be a factor with the issues you are having. Uninstall any antivirus you have except for 1 of them. The same advice goes for having more than 1 firewall.

After you have done that see if you can get back into normal mode long enough to post a new HijackThis log, if you can't I will try a different approach but again please try use a different computer to access the internet if you can't get back into Normal mode.

Let me know how you get on.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 13th, 2008, 4:53 pm

Hi darksmoke12, do you still need any help?
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby darksmoke12 » September 13th, 2008, 8:54 pm

Yes I still need your help. Sorry about the long delay, but it took me awhile to successfully boot into normal mode without it freezing right away. It seems to be fine every time I install a anti-virus software, but goes back to freezing after restart. Also it is tied to the WMI service (meaning the computer boots fine without it, but I'd still need that Microsoft service). So here is the new log file at normal boot. Tell me if anything is out of the ordinary.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:21 PM, on 9/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on AA-5100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P42 "Auto EPSON Stylus CX7800 Series on AA-5100" /O18 "\\AA-5100\Printer2" /M "Stylus CX7800"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sithoutpost.spaces.live.com//Pho ... nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sithoutpost.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllavgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7507 bytes
darksmoke12
Active Member
 
Posts: 9
Joined: September 4th, 2008, 1:47 pm

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 14th, 2008, 3:25 pm

There is nothing obvious still, but I'll have a deeper look. I still think your issues are from all the protection programs you had installed. As malware has become more aggressive and stubborn, security vendors have had to up their game accordingly as a result, the "layered approach" of using countless security products is pretty much redundant now as it will cause more harm than good.

Step 1:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby darksmoke12 » September 15th, 2008, 10:12 pm

Disregard in my last post that the WMI service would stop the problem, it didn't. I Found out it has no start-up entry. It seems to 'hitch' onto random start-up entries which change at every third startup. The next service that this occurred with was the windows defender service and shortly thereafter switched to something else. I might have noted this before, but I do not think the problem is necessarily attributed to the spyware and anti-virus overlap because none of these programs were installed when this problem occured first except for AVG, Ad-aware, and Spy-bot. Even weirder is the fact that this freezing issue still occured after a factory reinstall as well. sorry about the ramble and for the fact that Avira is with Avast for some odd reason it will allow normal boot after an anti-virus has been installed.

P.S. Let me know if my ,um, observations are uncalled for or annoying you.

info.txt logfile of random's system information tool 1.01 2008-09-15 20:53:11

Uninstall list

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eConsole-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}\setup.exe" -l0x9
Acer eMode Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0x9
Acer Empowering Technology framework-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Advanced WindowsCare Personal-->"C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AusLogics Disk Defrag-->"C:\Program Files\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Barbie(TM) Fashion Show(TM) CD-ROM-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\FashionUn.exe
Big Fish Games Texas Hold `em (remove only)-->C:\Program Files\Texas Hold 'em\Uninstall.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DriveImage XML-->"C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\setup.exe" -l0x9 -anything
Glary Utilities 2.6.1-->"C:\Program Files\Glary Utilities\unins000.exe"
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homestead SiteBuilder-->C:\Program Files\Homestead\Homestead SiteBuilder\hkuninst.exe -path C:\Program Files\Homestead\Homestead SiteBuilder
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Integrated Performance Primitives RTI 4.0-->MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LEGO Island 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\LEGO Media\LEGO Island 2\Setup.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MyPoints Toolbar-->C:\Program Files\mypoints\uninstall.exe
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F9745BC1-93BD-49B9-A6C8-C005E7E92F3C} CDM7
NTI HomeVideo-Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}\setup.exe" -l0x9
NutriCook-->MsiExec.exe /I{0E020DC9-6A95-4A27-9567-403DB2687953}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PE Builder 3.1.10a-->"c:\pebuilder3110a\unins000.exe"
Prism-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SimCity 4 Deluxe-->C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Battlefront II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
Star Wars Battlefront-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C79CB9C7-10A4-4814-8402-F574672C2192}\Setup.exe" -l0x9
Star Wars Republic Commando-->C:\Program Files\InstallShield Installation Information\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Star Wars®: Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Supreme Commander-->C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
The Right Track (R) Software-->C:\PROGRA~1\RTS7~1.0\UNWISE.EXE C:\PROGRA~1\RTS7~1.0\INSTALL.LOG
Tradewinds Legends-->"C:\Program Files\Tradewinds Legends\ReflexiveArcade\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
Watchtower Library 2004 - English Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86F8EC66-6E42-4C20-88DC-FBD0357F8159}\setup.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

Hosts File

127.0.0.1 localhost
127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com

Security center information

AV: Avira AntiVir PersonalEdition (outdated)
AV: avast! antivirus 4.8.1229 [VPS 080914-0]
FW: Norton Internet Worm Protection (disabled)
FW: COMODO Firewall Pro

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ASLOGDIR"=C:\Program Files\Intuit\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------









Logfile of random's system information tool 1.01 (written by random/random)
Run by Trever at 2008-09-15 20:52:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 33 GB (36%) free of 93 GB
Total RAM: 1470 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:07 PM, on 9/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\awServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Documents and Settings\Trever\Desktop\RSIT.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Trend Micro\HijackThis\Trever.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on AA-5100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P42 "Auto EPSON Stylus CX7800 Series on AA-5100" /O18 "\\AA-5100\Printer2" /M "Stylus CX7800"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sithoutpost.spaces.live.com//Pho ... nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sithoutpost.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllavgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8051 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-27 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
MYPOINTS - C:\PROGRA~1\mypoints\mypoints.dll [2007-10-02 1909248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{A057A204-BACC-4D26-CEC4-75A487FD6484} - MYPOINTS - C:\PROGRA~1\mypoints\mypoints.dll [2007-10-02 1909248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus CX7800 Series on AA-5100"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE [2005-04-06 98304]
"EPSON Stylus CX7800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE [2005-04-06 98304]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-05-31 1655552]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-11 7311360]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-10-05 866584]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-07-19 78008]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdminWorks Tray]
C:\Acer\Empowering Technology\awtray.exe [2005-08-18 1304576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-08-16 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2005-11-11 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-27 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2007-11-06 815104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2
"vmserverdWin32"=2
"vmount2"=2
"VMnetDHCP"=2
"VMAuthdService"=2
"Symantec Core LC"=2
"LightScribeService"=2
"iPod Service"=3
"gusvc"=3
"Apple Mobile Device"=2
"PnkBstrA"=2
"Bonjour Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dllavgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll [2006-08-23 5906432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-10-05 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\Intuit\QBDBMgrN.exe"="C:\Program Files\Intuit\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\System32\msiexec.exe"="C:\WINDOWS\System32\msiexec.exe:*:Enabled:Windows® installer"
"C:\Program Files\NBC Direct\StoreFrontPlayer.exe"="C:\Program Files\NBC Direct\StoreFrontPlayer.exe:*:Enabled:NBC Direct Beta"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds Saga\Game\Battlegrounds.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds Saga\Game\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds Saga\Game\battlegrounds_x1.exe"="C:\Program Files\LucasArts\Star Wars Galactic Battlegrounds Saga\Game\battlegrounds_x1.exe:*:Enabled:Star Wars Galactic Battlegrounds: Clone Campaigns"
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe"="C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:Star Wars(TM): Republic Commando(TM)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688b8073-b3ea-11dc-b47b-001558260418}]
shell\AutoRun\command - H:\setupSNK.exe


File associations

.reg - open - regedit.exe "%1" %*

List of files/folders created in the last three months

2008-09-15 19:39:22 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-15 18:10:30 ----SHD---- C:\FOUND.017
2008-09-15 18:04:25 ----D---- C:\rsit
2008-09-15 18:01:32 ----SHD---- C:\FOUND.016
2008-09-14 12:27:58 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem #2.txt
2008-09-14 12:23:26 ----SHD---- C:\FOUND.015
2008-09-14 11:59:14 ----SHD---- C:\FOUND.014
2008-09-13 17:02:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-09-13 09:52:32 ----D---- C:\Documents and Settings\Trever\Application Data\Grisoft
2008-09-13 09:52:23 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-13 09:43:08 ----SHD---- C:\FOUND.013
2008-09-12 16:50:32 ----SHD---- C:\FOUND.012
2008-09-12 16:45:42 ----SHD---- C:\FOUND.011
2008-09-11 18:46:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-11 18:46:26 ----SHD---- C:\FOUND.010
2008-09-11 18:41:58 ----SHD---- C:\FOUND.009
2008-09-09 21:40:07 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-09 21:39:10 ----HD---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 17:40:40 ----D---- C:\Program Files\Alwil Software
2008-09-04 12:21:22 ----D---- C:\Program Files\Trend Micro
2008-09-04 09:55:58 ----SHD---- C:\FOUND.008
2008-09-03 20:14:27 ----D---- C:\Program Files\IObit
2008-09-02 17:30:30 ----SHD---- C:\FOUND.007
2008-09-02 08:21:42 ----SHD---- C:\FOUND.006
2008-09-02 08:15:06 ----SHD---- C:\FOUND.005
2008-09-01 07:01:10 ----SHD---- C:\FOUND.004
2008-09-01 06:56:20 ----SHD---- C:\FOUND.003
2008-08-31 20:26:00 ----SHD---- C:\FOUND.002
2008-08-30 16:56:07 ----D---- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-08-30 14:38:51 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2008-08-28 21:06:16 ----D---- C:\WINDOWS\Temp
2008-08-28 16:37:24 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-28 16:37:17 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-28 16:37:08 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-28 16:36:59 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-28 16:32:25 ----D---- C:\Documents and Settings\Trever\Application Data\Malwarebytes
2008-08-28 16:31:48 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-28 16:31:34 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-28 16:31:16 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-28 14:03:23 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 10:56:16 ----D---- C:\Program Files\Avira
2008-08-27 22:17:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-27 22:17:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 10:56:11 ----D---- C:\Program Files\Bonjour
2008-07-18 10:19:48 ----D---- C:\Program Files\Barbie(TM)
2008-07-18 10:19:47 ----D---- C:\Program Files\Common Files\Vivendi Universal Games
2008-07-17 15:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-07-17 14:55:34 ----D---- C:\Documents and Settings\Trever\Application Data\VSRevoGroup
2008-07-08 23:12:32 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-08 16:41:30 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-06-26 15:10:46 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-06-23 20:20:24 ----D---- C:\Program Files\Common Files\DESIGNER
2008-06-20 11:52:40 ----D---- C:\Program Files\LucasArts
2008-06-20 10:03:44 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-05-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-05-23 24208]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-03 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-11 3532928]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-06-07 925192]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 Ca536av;FashionCam Video Camera Device; C:\WINDOWS\System32\Drivers\Ca536av.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DMSKSSRh;DMSKSSRh; \??\C:\DOCUME~1\Jared\LOCALS~1\Temp\DMSKSSRh.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-08-02 5035]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-06-27 9600]
S3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 USBCamera;FashionCam Digital Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk536.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-05-09 9600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-03 611664]
R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\awServ.exe [2005-08-18 86528]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-05-26 519936]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-11 131139]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-10-05 13592]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-31 66872]

-----------------EOF-----------------
darksmoke12
Active Member
 
Posts: 9
Joined: September 4th, 2008, 1:47 pm

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 16th, 2008, 2:40 pm

This seems like a hardware issue unfortunately. :(

These folders C:\FOUND.001, C:\FOUND.002.....etc. are created by chkdsk when it is trying to recover or repair some data damaged. More often than not, this is a sign the hard drive is on the way out or sometimes the CPU overheating. As you have done a "factory reinstall" and you are still getting the same troubles is another sign of hardware failure. The best advice I can give you is to backup everything that's important to you on this hard drive as it may not last too much longer.

There is some malware but I don't believe it's the root of your troubles, but I can clean it out and we will see what happens. With the tool I'm going to use it's important to have any and all security programs (firewall, antivirus, etc.) disabled when you run it.

Step 1:
We will begin with ComboFix.exe, which can be downloaded from one of the following links.
Link 1
Link 2
Link 3

Please visit this webpage for instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    http://www.bleepingcomputer.com/forums/topic114351.html

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt


Step 2:
Run HijackThis, do a system scan and in your next reply please post:
  • The ComboFix report (C:\ComboFix.txt)
  • The new HijackThis log
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby darksmoke12 » September 18th, 2008, 12:33 pm

Man that took forever to get the computer to work in normal mode this time. I finally have the two logs, but with a few problems I don't think the computer was supposed to restart twice in the middle of the combo fix scan. If need me to redo let me know.


ComboFix 08-09-16.05 - Trever 2008-09-18 11:05:12.1 - FAT32x86

Running from: C:\Documents and Settings\Trever\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Trever\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-18 10:52 . 2008-09-18 10:52 <DIR> d--hs---- C:\FOUND.022
2008-09-18 07:55 . 2008-09-18 07:55 <DIR> d--hs---- C:\FOUND.021
2008-09-18 07:45 . 2008-09-18 07:45 <DIR> d--hs---- C:\FOUND.020
2008-09-18 07:33 . 2008-09-18 07:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-09-18 07:32 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-17 20:19 . 2008-09-17 20:19 <DIR> d--hs---- C:\FOUND.019
2008-09-17 16:50 . 2008-09-17 16:50 <DIR> d--hs---- C:\FOUND.018
2008-09-15 19:39 . 2008-09-15 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-15 18:10 . 2008-09-15 18:10 <DIR> d--hs---- C:\FOUND.017
2008-09-15 18:04 . 2008-09-15 18:04 <DIR> d-------- C:\rsit
2008-09-15 18:04 . 2008-09-15 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-09-15 18:01 . 2008-09-15 18:01 <DIR> d--hs---- C:\FOUND.016
2008-09-14 12:23 . 2008-09-14 12:23 <DIR> d--hs---- C:\FOUND.015
2008-09-14 11:59 . 2008-09-14 11:59 <DIR> d--hs---- C:\FOUND.014
2008-09-13 09:52 . 2008-09-13 09:52 <DIR> d-------- C:\Documents and Settings\Trever\Application Data\Grisoft
2008-09-13 09:52 . 2008-09-13 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-13 09:43 . 2008-09-13 09:43 <DIR> d--hs---- C:\FOUND.013
2008-09-12 16:50 . 2008-09-12 16:50 <DIR> d--hs---- C:\FOUND.012
2008-09-12 16:45 . 2008-09-12 16:45 <DIR> d--hs---- C:\FOUND.011
2008-09-11 18:46 . 2008-09-11 18:46 <DIR> d--hs---- C:\FOUND.010
2008-09-11 18:41 . 2008-09-11 18:41 <DIR> d--hs---- C:\FOUND.009
2008-09-11 13:03 . 2008-09-11 13:03 262,144 --a------ C:\Documents and Settings\Forest
2008-09-11 08:04 . 2008-09-11 08:04 <DIR> d-------- C:\Documents and Settings\Trever\.housecall6.6
2008-09-09 17:40 . 2008-09-09 17:40 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 12:21 . 2008-09-04 12:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-04 09:55 . 2008-09-04 09:55 <DIR> d--hs---- C:\FOUND.008
2008-09-04 07:21 . 2008-09-04 07:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-09-04 07:18 . 2008-09-04 07:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-09-03 20:49 . 2008-09-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-09-03 20:32 . 2008-09-03 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-03 20:14 . 2008-09-03 20:14 <DIR> d-------- C:\Program Files\IObit
2008-09-03 17:46 . 2008-09-03 17:46 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-03 17:42 . 2008-09-03 17:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-02 17:30 . 2008-09-02 17:30 <DIR> d--hs---- C:\FOUND.007
2008-09-02 08:21 . 2008-09-02 08:21 <DIR> d--hs---- C:\FOUND.006
2008-09-02 08:15 . 2008-09-02 08:15 <DIR> d--hs---- C:\FOUND.005
2008-09-01 07:01 . 2008-09-01 07:01 <DIR> d--hs---- C:\FOUND.004
2008-09-01 06:56 . 2008-09-01 06:56 <DIR> d--hs---- C:\FOUND.003
2008-08-31 20:26 . 2008-08-31 20:26 <DIR> d--hs---- C:\FOUND.002
2008-08-30 16:56 . 2008-08-30 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-08-30 16:25 . 2008-08-30 16:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-30 16:23 . 2008-08-30 16:23 1,024 --a------ C:\.rnd
2008-08-30 14:38 . 2008-04-13 19:11 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-08-30 14:38 . 2008-04-13 19:11 47,616 --a------ C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-08-28 16:32 . 2008-08-28 16:32 <DIR> d-------- C:\Documents and Settings\Trever\Application Data\Malwarebytes
2008-08-28 14:51 . 2008-05-01 09:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 14:47 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-28 14:03 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 12:53 . 2008-08-28 12:53 <DIR> d-------- C:\Documents and Settings\James\Application Data\Auslogics
2008-08-28 12:46 . 2008-08-28 12:46 <DIR> d-------- C:\Documents and Settings\James\Application Data\GlarySoft
2008-08-28 10:56 . 2008-08-28 10:56 <DIR> d-------- C:\Program Files\Avira
2008-08-27 22:17 . 2008-08-27 22:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-27 22:17 . 2008-08-27 22:17 <DIR> d-------- C:\Documents and Settings\James\Application Data\Malwarebytes
2008-08-27 22:17 . 2008-08-27 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 22:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 22:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 20:41 . 2008-08-27 20:41 <DIR> d-------- C:\Documents and Settings\James\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 15:56 --------- d-----w C:\Program Files\Bonjour
2008-07-22 12:50 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 15:19 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2008-07-18 15:19 --------- d-----w C:\Program Files\Barbie(TM)
2008-07-12 23:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-01 14:51 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-26 20:10 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-24 23:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-10-02 15:06 94 ----a-w C:\Documents and Settings\Trever\Application Data\MTC-savedfolder.dat
2008-05-16 02:36 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 15:31 1909248 --a------ C:\PROGRA~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "C:\PROGRA~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "C:\PROGRA~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus CX7800 Series on AA-5100"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304]
"EPSON Stylus CX7800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 7311360]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"nwiz"="nwiz.exe" [2005-11-11 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdminWorks Tray]
--a------ 2005-08-18 22:26 1304576 C:\Acer\Empowering Technology\awtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-19 09:38 78008 C:\Program Files\Alwil Software\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2008-05-31 06:35 1655552 C:\Program Files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-08-16 09:56 368640 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 05:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-11-11 04:47 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-27 15:56 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-10-05 22:11 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"vmserverdWin32"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WmiApSrv"=3 (0x3)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe"
"SMSERIAL"=sm56hlpr.exe
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuit\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\WINDOWS\\System32\\msiexec.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:AdminWorks UDP Port
"2804:TCP"= 2804:TCP:AdminWorks TCP Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-23 24208]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-08-08 12170]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-03-31 4010]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [ ]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Jared\LOCALS~1\Temp\DMSKSSRh.sys [ ]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-08-02 5035]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688b8073-b3ea-11dc-b47b-001558260418}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Trever\Application Data\Mozilla\Firefox\Profiles\das36r6w.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://global.acer.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nphssb.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 11:20:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\ACER\ACER ECONSOLE\MEDIASERVERSERVICE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ACER\EMPOWERING TECHNOLOGY\AWSERV.EXE
C:\PROGRAM FILES\COMODO\FIREWALL\CMDAGENT.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
.
**************************************************************************
.
Completion time: 2008-09-18 11:22:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-18 16:22:36

Pre-Run: 34,462,597,120 bytes free
Post-Run: 35,834,298,368 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

305 --- E O F --- 2008-09-10 02:52:24








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:50 AM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on AA-5100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P42 "Auto EPSON Stylus CX7800 Series on AA-5100" /O18 "\\AA-5100\Printer2" /M "Stylus CX7800"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sithoutpost.spaces.live.com//Pho ... nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sithoutpost.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7038 bytes
darksmoke12
Active Member
 
Posts: 9
Joined: September 4th, 2008, 1:47 pm

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 18th, 2008, 8:52 pm

Is there a reason why your computer is using the FAT32 file system instead of NTFS?


Step 1:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\FOUND.002
C:\FOUND.003
C:\FOUND.004
C:\FOUND.005
C:\FOUND.006
C:\FOUND.007
C:\FOUND.008
C:\FOUND.009
C:\FOUND.010
C:\FOUND.011
C:\FOUND.012
C:\FOUND.013
C:\FOUND.014
C:\FOUND.015
C:\FOUND.016
C:\FOUND.017
C:\FOUND.018
C:\FOUND.019
C:\FOUND.020
C:\FOUND.021
C:\FOUND.022
C:\DOCUME~1\Jared\LOCALS~1\Temp\DMSKSSRh.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Driver::
DMSKSSRh


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply along with a new HijackThis log.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby darksmoke12 » September 19th, 2008, 6:06 pm

Yeeeah about the FAT 32, that had nothing to do with me. ACER, the company that manufactures that pc, didn't use NFTS because it was incompatible with their recovery software that comes standard. I think they fixed this issue, but none the less the FAT 32 has caused me a few problems. Anyway here's the 2nd round.



ComboFix 08-09-16.05 - Trever 2008-09-19 16:53:02.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.993 [GMT -5:00]
Running from: C:\Documents and Settings\Trever\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Trever\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMSKSSRH
-------\Service_DMSKSSRh


((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-18 10:52 . 2008-09-18 10:52 <DIR> d--hs---- C:\FOUND.022
2008-09-18 07:55 . 2008-09-18 07:55 <DIR> d--hs---- C:\FOUND.021
2008-09-18 07:45 . 2008-09-18 07:45 <DIR> d--hs---- C:\FOUND.020
2008-09-18 07:33 . 2008-09-18 07:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-09-18 07:32 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-17 20:19 . 2008-09-17 20:19 <DIR> d--hs---- C:\FOUND.019
2008-09-17 16:50 . 2008-09-17 16:50 <DIR> d--hs---- C:\FOUND.018
2008-09-15 19:39 . 2008-09-15 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-15 18:10 . 2008-09-15 18:10 <DIR> d--hs---- C:\FOUND.017
2008-09-15 18:04 . 2008-09-15 18:04 <DIR> d-------- C:\rsit
2008-09-15 18:04 . 2008-09-15 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-09-15 18:01 . 2008-09-15 18:01 <DIR> d--hs---- C:\FOUND.016
2008-09-14 12:23 . 2008-09-14 12:23 <DIR> d--hs---- C:\FOUND.015
2008-09-14 11:59 . 2008-09-14 11:59 <DIR> d--hs---- C:\FOUND.014
2008-09-13 09:52 . 2008-09-13 09:52 <DIR> d-------- C:\Documents and Settings\Trever\Application Data\Grisoft
2008-09-13 09:52 . 2008-09-13 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-13 09:43 . 2008-09-13 09:43 <DIR> d--hs---- C:\FOUND.013
2008-09-12 16:50 . 2008-09-12 16:50 <DIR> d--hs---- C:\FOUND.012
2008-09-12 16:45 . 2008-09-12 16:45 <DIR> d--hs---- C:\FOUND.011
2008-09-11 18:46 . 2008-09-11 18:46 <DIR> d--hs---- C:\FOUND.010
2008-09-11 18:41 . 2008-09-11 18:41 <DIR> d--hs---- C:\FOUND.009
2008-09-11 13:03 . 2008-09-11 13:03 262,144 --a------ C:\Documents and Settings\Forest
2008-09-11 08:04 . 2008-09-11 08:04 <DIR> d-------- C:\Documents and Settings\Trever\.housecall6.6
2008-09-09 17:40 . 2008-09-09 17:40 <DIR> d-------- C:\Program Files\Alwil Software
2008-09-04 12:21 . 2008-09-04 12:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-04 09:55 . 2008-09-04 09:55 <DIR> d--hs---- C:\FOUND.008
2008-09-04 07:21 . 2008-09-04 07:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-09-04 07:18 . 2008-09-04 07:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-09-03 20:49 . 2008-09-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo
2008-09-03 20:32 . 2008-09-03 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-03 20:14 . 2008-09-03 20:14 <DIR> d-------- C:\Program Files\IObit
2008-09-03 17:46 . 2008-09-03 17:46 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-09-03 17:42 . 2008-09-03 17:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-02 17:30 . 2008-09-02 17:30 <DIR> d--hs---- C:\FOUND.007
2008-09-02 08:21 . 2008-09-02 08:21 <DIR> d--hs---- C:\FOUND.006
2008-09-02 08:15 . 2008-09-02 08:15 <DIR> d--hs---- C:\FOUND.005
2008-09-01 07:01 . 2008-09-01 07:01 <DIR> d--hs---- C:\FOUND.004
2008-09-01 06:56 . 2008-09-01 06:56 <DIR> d--hs---- C:\FOUND.003
2008-08-31 20:26 . 2008-08-31 20:26 <DIR> d--hs---- C:\FOUND.002
2008-08-30 16:56 . 2008-08-30 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-08-30 16:25 . 2008-08-30 16:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-30 16:23 . 2008-08-30 16:23 1,024 --a------ C:\.rnd
2008-08-30 14:38 . 2008-04-13 19:11 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-08-30 14:38 . 2008-04-13 19:11 47,616 --a------ C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-08-28 16:32 . 2008-08-28 16:32 <DIR> d-------- C:\Documents and Settings\Trever\Application Data\Malwarebytes
2008-08-28 14:51 . 2008-05-01 09:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-28 14:47 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-28 14:03 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-28 12:53 . 2008-08-28 12:53 <DIR> d-------- C:\Documents and Settings\James\Application Data\Auslogics
2008-08-28 12:46 . 2008-08-28 12:46 <DIR> d-------- C:\Documents and Settings\James\Application Data\GlarySoft
2008-08-28 10:56 . 2008-08-28 10:56 <DIR> d-------- C:\Program Files\Avira
2008-08-27 22:17 . 2008-08-27 22:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-27 22:17 . 2008-08-27 22:17 <DIR> d-------- C:\Documents and Settings\James\Application Data\Malwarebytes
2008-08-27 22:17 . 2008-08-27 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 22:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 22:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 20:41 . 2008-08-27 20:41 <DIR> d-------- C:\Documents and Settings\James\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 15:56 --------- d-----w C:\Program Files\Bonjour
2008-07-22 12:50 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 23:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-01 14:51 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-26 20:10 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-24 23:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2007-10-02 15:06 94 ----a-w C:\Documents and Settings\Trever\Application Data\MTC-savedfolder.dat
2008-05-16 02:36 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-18_11.22.06.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-19 21:56:02 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_650.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 15:31 1909248 --a------ C:\PROGRA~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "C:\PROGRA~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "C:\PROGRA~1\mypoints\mypoints.dll" [2007-10-02 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auto EPSON Stylus CX7800 Series on AA-5100"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304]
"EPSON Stylus CX7800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-06 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 7311360]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"nwiz"="nwiz.exe" [2005-11-11 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdminWorks Tray]
--a------ 2005-08-18 22:26 1304576 C:\Acer\Empowering Technology\awtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-19 09:38 78008 C:\Program Files\Alwil Software\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
--a------ 2008-05-31 06:35 1655552 C:\Program Files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2005-08-16 09:56 368640 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 05:00 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-04 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-11-11 04:47 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-27 15:56 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-10-05 22:11 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"vmserverdWin32"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"WmiApSrv"=3 (0x3)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe"
"SMSERIAL"=sm56hlpr.exe
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Intuit\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\WINDOWS\\System32\\msiexec.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:AdminWorks UDP Port
"2804:TCP"= 2804:TCP:AdminWorks TCP Port

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-23 24208]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-08-08 12170]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-03-31 4010]
S2 Ca536av;FashionCam Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys [ ]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-08-02 5035]
S3 USBCamera;FashionCam Digital Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688b8073-b3ea-11dc-b47b-001558260418}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 16:57:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\ACER\ACER ECONSOLE\MEDIASERVERSERVICE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ACER\EMPOWERING TECHNOLOGY\AWSERV.EXE
C:\PROGRAM FILES\COMODO\FIREWALL\CMDAGENT.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
.
**************************************************************************
.
Completion time: 2008-09-19 16:58:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-19 21:58:46
ComboFix2.txt 2008-09-18 16:22:44

Pre-Run: 35,710,074,880 bytes free
Post-Run: 35,686,088,704 bytes free

281 --- E O F --- 2008-09-10 02:52:24














Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:39 PM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on AA-5100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P42 "Auto EPSON Stylus CX7800 Series on AA-5100" /O18 "\\AA-5100\Printer2" /M "Stylus CX7800"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sithoutpost.spaces.live.com//Pho ... nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sithoutpost.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7004 bytes
darksmoke12
Active Member
 
Posts: 9
Joined: September 4th, 2008, 1:47 pm

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 20th, 2008, 8:02 am

It's looking better, how's it running now?

I put the wrong header for deleting all the folders created from the chkdsk scans. They are harmless but can use up a fair amount of space so if you want to delete them step 1 will take them out quickly.

Step 1:
Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe.
  • Copy the lines in the codebox below.
Code: Select all
C:\FOUND.002
C:\FOUND.003
C:\FOUND.004
C:\FOUND.005
C:\FOUND.006
C:\FOUND.007
C:\FOUND.008
C:\FOUND.009
C:\FOUND.010
C:\FOUND.011
C:\FOUND.012
C:\FOUND.013
C:\FOUND.014
C:\FOUND.015
C:\FOUND.016
C:\FOUND.017
C:\FOUND.018
C:\FOUND.019
C:\FOUND.020
C:\FOUND.021
C:\FOUND.022

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2

Step 2:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Anvirisus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Step 3:
Run Hijackthis again and post the following:
  • The NOD32 results
  • The new HijackThis log
  • The OTMovit2 results
Also let me know how your computer is running.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby darksmoke12 » September 21st, 2008, 8:17 pm

From what I can see it looks like it is running back to normal, but I want to do a few more cold starts before I'm sure. As for what you said about the hard drive a few posts ago, exactly how bad has it gotten? Unfortunately there is no easy way (That I know of) to transfer the whole drive to a new one because the FAT 32. I tried doing this 6 months ago, but the new drive would only allow to be formatted NTFS and the program will not allow for a different file system to be used :( . That being said, I wanted to be sure that whatever files that are this computer could be tranferred to a new computer without chance of a similar infection.








# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3457 (20080919)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=1037506be568cf4bbeec360b44c0cce5
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-09-21 03:29:30
# local_time=2008-09-20 10:29:30 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=367072
# found=0
# scan_time=3285







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:15 AM, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\awServ.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [Auto EPSON Stylus CX7800 Series on AA-5100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P42 "Auto EPSON Stylus CX7800 Series on AA-5100" /O18 "\\AA-5100\Printer2" /M "Stylus CX7800"
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sithoutpost.spaces.live.com//Pho ... nPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sithoutpost.spaces.live.com/Phot ... nPUpld.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7028 bytes












C:\FOUND.002 moved successfully.
C:\FOUND.003 moved successfully.
C:\FOUND.004 moved successfully.
C:\FOUND.005 moved successfully.
C:\FOUND.006 moved successfully.
C:\FOUND.007 moved successfully.
C:\FOUND.008 moved successfully.
C:\FOUND.009 moved successfully.
C:\FOUND.010 moved successfully.
C:\FOUND.011 moved successfully.
C:\FOUND.012 moved successfully.
C:\FOUND.013 moved successfully.
C:\FOUND.014 moved successfully.
C:\FOUND.015 moved successfully.
C:\FOUND.016 moved successfully.
C:\FOUND.017 moved successfully.
C:\FOUND.018 moved successfully.
C:\FOUND.019 moved successfully.
C:\FOUND.020 moved successfully.
C:\FOUND.021 moved successfully.
C:\FOUND.022 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09202008_204624
darksmoke12
Active Member
 
Posts: 9
Joined: September 4th, 2008, 1:47 pm

Re: Odd Computer Behavior and Lockups

Unread postby Rodav » September 22nd, 2008, 4:24 pm

When you start to see those chkdsk folders appearing constantly it is more often than not a sign of hardware failure, on this occasion it seems to have been from the malware you had which may had compatibility issues with FAT32. Malware on top of many things can often be buggy. If it seems to be back to normal you might have dodged a bullet and your hard drive is OK. :D

If you want to, you should be able to convert a FAT32 volume to NTFS without data loss or having to try transfer it to another drive: http://support.microsoft.com/kb/307881 although you should back up your data to be safe beforehand.

If you want to take this route you may like to ask about at a specialist tech forum like:
http://www.bleepingcomputer.com/forums/


All is looking good from here, just a couple of steps left. :)

I recommended you remove 1 of your antiviruses now that things are back to normal, I also suggest you remove Ad-Aware and AVG Antispyware as you have Malwarebytes which performs considerably better than the 2 of them. They also have services running in the background that do absolutely nothing apart from possibly slowing your computer down. But it's up to you.


Step 1:
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application and Restart your computer.


Step 2:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Image
You can also delete RSIT.exe any logs we have produced, and empty your Recycle bin.


Step 3:
  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.


Your logs are now clean. :D :D
If you still feel you are having any issues please let me know now, otherwise read through and proceed with the following:


Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install a Hosts File
    I recommend MVPS Hosts File
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.
  • The last and most important thing I can tell you is UPDATE, UPDATE, UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

Miekiemoes an expert in malware removal has a fantastic article on how to prevent Malware for further tips, it's well worth a read. http://users.telenet.be/bluepatchy/miek ... ntion.html

Please reply to this topic one more time so I know you have read through it or with any questions you may have.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Odd Computer Behavior and Lockups

Unread postby Gary R » September 24th, 2008, 11:12 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware